On 12/13/2016 02:51 PM, Lennart Poettering wrote:
Yeah, this is really what it boils down to: the goal with the systemd directives is to make things easy to grok and easy to change. I can probably explain to most Linux admins who have administered a current Fedora in 5min what ProtectSystem=strict and ReadWritePaths=/var/lib/myservice does, and why it's a good thing. And
One thing that SELinux does right is auditing---access violations are logged, so that there are no silent mysterious failures (well, mumble, mumble, maybe sometimes, you know what I mean). Also, SELinux allows debugging in the permissive mode that just logs without actually blocking access. What happens after systemd directives result in denials?
BTW, it's ProtectSystem=true/false/full (not strict), right?
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org
