Devuan Jessie beta released

I remember when the SMACK linux kernel security module was released back in 2008, it was so hard for to write appropriate security labels for system services: we had to write our own specific daemon startup tools to do so, and then integrate them in gazillion shell scripts ..

Now all you have to do is to write a SMACKProcessLabel= in the service file and you're done:

https://www.freedesktop.org/software/systemd/man/systemd....

And you can even add ConditionSecurity= to make sure that a service only runs when a certain security module is enabled (or disabled) in the system:

https://www.freedesktop.org/software/systemd/man/systemd....

Now why all of this is dead-simple in systemd but quite hard on older Linux systems? Simply because systemd was appropriately designed to handle *today's* computing use-cases..

Yes, all of these details are a little bit more complex (from an implementation, not system configuration, side) .. but it's much better than hiding our head in the sand pre systemd adoption in 2012 ..