[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] mk{dir, fifo, nod}: with -Z, create SMACK security context

From: Jarkko Sakkinen
Subject: Re: [PATCH] mk{dir, fifo, nod}: with -Z, create SMACK security context
Date: Wed, 31 Jul 2013 09:10:14 +0300
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130623 Thunderbird/17.0.7

On 01.07.2013 20:46, Jarkko Sakkinen wrote:

On 01.07.2013 18:13, Pádraig Brady wrote:
On 07/01/2013 03:44 PM, Bernhard Voelker wrote:
On 07/01/2013 03:36 PM, Pádraig Brady wrote:
On 06/26/2013 09:48 AM, Jarkko Sakkinen wrote:
Enable creation of SMACK security context with -Z command-line switch
if SMACK is enabled.
Do we have a chance to have tests for all the new SMACK code?

I do not know much about SMACK and SELinux, but can both be
active at the same time? If so, the behavior probably has changed
(in ls(1) at least) because the code always tests for SMACK first.
I asked Jarkko about that and he said:

"Well, actually you couldn't have SELinux and SMACK active in the
kernel at the same time. Kernel can only have one LSM enabled at
a time (and you cannot switch or disable LSM). So this essentially
detects, which one is enabled in the kernel."

The point about tests is valid, though I didn't think
that important since the selinux and smack code is so similar.
Jarkko I'd accept a patch with tests in based
on tests/mkdir/ (which calls require_smack_enforcing_).
I can work on that. I'm right now on a vacation but I can make
tests for SMACK in August when I'm back at work.

Back at work. I'll look into this either this week or
next week (depending on how fast I'm able to clean up
my inbox).




reply via email to

[Prev in Thread] Current Thread [Next in Thread]