Hi, I tried to use selinux with systemd, but without much success. Looks like the whole transitioning is broken. (Most daemons are stuck in the init_t domain) What I don't understand is, while more and more disros switching to systemd, it seems like there is still no working selinux policy with systemd support. So how do other distros support selinux?
While I'm tying to figure this selinux thingy out, a few questions came to mind: Most packages with the selinux use flag are just pulling their reference policy module as a dependency. Wouldn't it be better to use the seinux flag only for packages which are linked against libselinux and use instead a SELINUX_MODULES variable in the make.conf file (similar to APACHE2_MODULES)? The tresys reference policy uses the distro_gentoo directive, but AFAIK it only affects openrc stuff. So shouldn't it be renamed to init_openrc? Best regards, Simon
