Distributors ponder a systemd change
Posted Jun 8, 2016 17:05 UTC (Wed) by jberkus (guest, #55561)
In reply to: Distributors ponder a systemd change by rahulsundaram
Parent article: Distributors ponder a systemd change
> That might be true if SELinux was more widely adopted. Unfortunately, that isn't the case.
That's a "but the light's better over here" argument. Poettering is pushing this because it's "the right thing to do". But the *right* thing to do is for it to be in SELinux, where there can be actual admin policies around process-killing instead of just an on/off switch. So we should either do the expedient thing to do (which is to leave the defaults where they are) or the right thing to do (which is to put this in SELinux with hooks in systemd to support it). This change is neither right, nor expedient.
Posted Jun 8, 2016 17:12 UTC (Wed) by rahulsundaram (subscriber, #21946)
> But the *right* thing to do is for it to be in SELinux
I don't see why SELinux is the obviously right place to do it.
> where there can be actual admin policies around process-killing instead of just an on/off switch
It isn't just a switch in systemd. You can have admin policies in polkit.