[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Why "id -Z" get the current process security context but says "of the cu
From: |
Yang Chengwei |
Subject: |
Why "id -Z" get the current process security context but says "of the current user" in help? |
Date: |
Thu, 16 Jan 2014 09:50:04 +0800 |
User-agent: |
Mutt/1.5.21 (2010-09-15) |
Hi List,
I found that both id manpage and its help info says something about
security context like:
-Z, --context print only the security context of the current user\n\
As it said, it gets the security context of *the current user*. However,
I found in its source code, it implemented in a way to get *the current
process* security context, in both SELinux and SMACK way.
As I understand, *the current process* whenever "id -Z" executed, it's
the id process, its security context doesn't equal *the current user*
security context. Right?
So far I haven't worked with SELinux a lot, but have some SMACk
experience, so currently "id -Z" in SMACK environment *only* works if *id*
hasn't itself SMACK64EXEC label, in that way, *id* will inherent the shell
security context, so the security context of *the current process* is
the same as security context of *the current user*. Otherwise, it will
surprise user, like me.
--
Thanks,
Chengwei
signature.asc
Description: Digital signature
- Why "id -Z" get the current process security context but says "of the current user" in help?,
Yang Chengwei <=