Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
systemd-logind removes all IPC objects owned by a user on logout. This also covers SysV memory. This change allows destroying unprivileged user SysV shared memory segments.
7516138
First we need to get pam_selinux+systemd working at all (see upstream communication about SELinux code issues). Then we can think about your suggestions.
Thank you.
7516138
http://marc.info/?l=selinux&m=144707899910491&w=2
7516138
Yes. There are some policy issues with confined init_t on which we are working. Good idea with a permissive domain ;-).