summaryrefslogtreecommitdiffstats
path: root/meta-security/recipes-core/smack-system-setup/files/systemd-journald.service.conf
blob: 7035a14103914ed8fa880a214b918acf9ef83cf8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
# Run systemd-journald with the hat ("^") Smack label.
#
# The journal daemon needs global read access to gather information
# about the services spawned by systemd. The hat label is intended
# for this purpose. The journal daemon is the only part of the
# System domain that needs read access to the User domain. Giving
# the journal daemon the hat label means that we can remove the
# System domain's read access to the User domain and we can avoid
# hard-coding a specific label name for that domain.
#
# Original author: Casey Schaufler <casey@schaufler-ca.com>
#
# This is considered a configuration change and thus distro specific.
[Service]
SmackProcessLabel=^