Pushed with the following changes:
* Lennart's suggestions for option names.
* Lennart's other suggestion for no asprintf() in the options
processing. Moved the concatenation to strjoin() on use.
* Removed redundant trailing NULL in the arguments to strjoin().
* Removed invalid option "-s" from
On Tue, Feb 4, 2014 at 5:22 AM, Lennart Poettering
wrote:
> processlabel
The actual code processes this option as "label." I'll fix all of this
up (including the asprintf) and then commit.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.o
On Thu, 30.01.14 16:28, Daniel J Walsh (dwa...@redhat.com) wrote:
Heya,
Please also add these options to the man page...
> + " -L --filelabel=LABEL Set the MAC file label to be used
> by tmpfs file systems in container\n"
> + " -Z --processlabel=LABEL Set the
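Review bot: The help line for -L --filelabel=LABEL runs well past 80 columns once the option column is counted (the description "Set the MAC file label to be used by tmpfs file systems in container" is 68 characters on its own), so the --help output will wrap on a standard terminal. Shorten the description or split it over two help lines. Also check that the long names printed in these two lines match the names in the option table, since another message in this thread says the code processes the process-label option as "label".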
We would find this extremely useful. Our #1 long-term feature need is
a containerization tool that supports both socket activation and
selinux. libvirt-lxc has the former, but I'm seeing inconsistent
documentation on the latter. I'd be glad to see systemd-nspawn get
good support.
__
This patch adds two new options:
-Z PROCESS_LABEL
This specifies the process label to run on processes run within the container.
-L FILE_LABEL
The file label to assign to memory file systems created within the container.
For example, if you wanted to wrap a container with SELinux sandbox labels