diff options
Diffstat (limited to 'meta-app-framework/recipes-core/smack-system-setup/files/systemd-journald.service.conf')
-rw-r--r-- | meta-app-framework/recipes-core/smack-system-setup/files/systemd-journald.service.conf | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/meta-app-framework/recipes-core/smack-system-setup/files/systemd-journald.service.conf b/meta-app-framework/recipes-core/smack-system-setup/files/systemd-journald.service.conf new file mode 100644 index 000000000..7035a1410 --- /dev/null +++ b/meta-app-framework/recipes-core/smack-system-setup/files/systemd-journald.service.conf @@ -0,0 +1,16 @@ +# Run systemd-journald with the hat ("^") Smack label. +# +# The journal daemon needs global read access to gather information +# about the services spawned by systemd. The hat label is intended +# for this purpose. The journal daemon is the only part of the +# System domain that needs read access to the User domain. Giving +# the journal daemon the hat label means that we can remove the +# System domain's read access to the User domain and we can avoid +# hard-coding a specific label name for that domain. +# +# Original author: Casey Schaufler <casey@schaufler-ca.com> +# +# This is considered a configuration change and thus distro specific. +[Service] +SmackProcessLabel=^ + |