Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Systemd integration and config watcher #6

Open
Mdyrl7777777 opened this issue Oct 4, 2017 · 1 comment
Open

Systemd integration and config watcher #6

Mdyrl7777777 opened this issue Oct 4, 2017 · 1 comment
Assignees
@smeso
Labels
enhancement packaging

Comments

@Mdyrl7777777
Copy link
Contributor

Mdyrl7777777 commented Oct 4, 2017
edited
Loading

Hi!
I prepared systemd units for loading saractl config at startup and reloading rules automatically at every config change. I think you can add them to saractl package. All files should be installed to /usr/lib/systemd/system or /lib/systemd/system depending on distibution.

# /usr/lib/systemd/system/saractl.service
[Unit]
Description=Userspace counterpart of the S.A.R.A. LSM
DefaultDependencies=no
After=systemd-remount-fs.service
Before=sysinit.target
ConditionPathExists=/sys/kernel/security/sara

[Service]
Type=oneshot
ExecStart=/usr/bin/saractl startup

[Install]
WantedBy=sysinit.target

# /usr/lib/systemd/system/saractl-reload.service
[Unit]
Description=Userspace counterpart of the S.A.R.A. LSM

[Service]
Type=oneshot
ExecStart=/usr/bin/saractl load

# /usr/lib/systemd/system/saractl-reload.path
[Unit]
Description=Userspace counterpart of the S.A.R.A. LSM
ConditionPathExists=/sys/kernel/security/sara

[Path]
PathChanged=/etc/sara/wxprot.conf.d/

[Install]
WantedBy=multi-user.target

To enable and start units at system startup run:

systemctl enable saractl.service
systemctl start saractl.service

systemctl enable saractl-reload.path
systemctl start saractl-reload.path

saractl.service.txt
saractl-reload.path.txt
saractl-reload.service.txt
@smeso smeso self-assigned this Oct 5, 2017
@smeso
Copy link
Owner

smeso commented Oct 5, 2017

Thank you for your help!

@smeso smeso added the packaging label Oct 5, 2017
@Mdyrl7777777 Mdyrl7777777 mentioned this issue Aug 15, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@smeso smeso

Labels
enhancement packaging
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@smeso @Mdyrl7777777