From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Mon, 17 Nov 2014 09:13:32 -0500
Subject: [refpolicy] systemd
In-Reply-To: <20141116000635.546ed2d1@fornost.bigon.be>
References: <54539DFD.6000408@tresys.com> <20141116000635.546ed2d1@fornost.bigon.be>
Message-ID: <546A028C.1040206@tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 11/15/2014 6:06 PM, Laurent Bigonville wrote:
> On Fri, 31 Oct 2014 10:34:37 -0400,
> "Christopher J. PeBenito" wrote:
>
>> One big shortcoming that refpolicy has had lately is missing a
>> complete systemd policy. Since no one has upstreamed the policy,
>> I've decided to start writing one, as the Fedora version cannot be
>> upstreamed without significant refactoring.
>
> With systemd as PID1, the system dbus services are not started by the
> udev daemon anymore but by systemd (PID1) itself. That means that ATM,
> the dbus services are not properly transitioned to their own domain and
> run under init_t. What should be done according to you? Modify
> dbus_system_domain() to also allow transition from init_t? Modify all
> the modules that are using dbus_system_domain() and add
> init_daemon_domain()?

I've been aware of this, but have not come to a conclusion on what the
right way forward is.

--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com