[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] mk{dir, fifo, nod}: with -Z, create SMACK security context

From: Pádraig Brady
Subject: Re: [PATCH] mk{dir, fifo, nod}: with -Z, create SMACK security context
Date: Mon, 01 Jul 2013 16:13:40 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2

On 07/01/2013 03:44 PM, Bernhard Voelker wrote:
> On 07/01/2013 03:36 PM, Pádraig Brady wrote:
>> On 06/26/2013 09:48 AM, Jarkko Sakkinen wrote:
>>> Enable creation of SMACK security context with -Z command-line switch
>>> if SMACK is enabled.
> Do we have a chance to have tests for all the new SMACK code?
> I do not know much about SMACK and SELinux, but can both be
> active at the same time? If so, the behavior probably has changed
> (in ls(1) at least) because the code always tests for SMACK first.

I asked Jarkko about that and he said:

"Well, actually you couldn't have SELinux and SMACK active in the
kernel at the same time. Kernel can only have one LSM enabled at
a time (and you cannot switch or disable LSM). So this essentially
detects, which one is enabled in the kernel."

The point about tests is valid, though I didn't think
that important since the selinux and smack code is so similar.
Jarkko I'd accept a patch with tests in based
on tests/mkdir/ (which calls require_smack_enforcing_).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]