On 07/01/2013 03:44 PM, Bernhard Voelker wrote:
On 07/01/2013 03:36 PM, Pádraig Brady wrote:
On 06/26/2013 09:48 AM, Jarkko Sakkinen wrote:
Enable creation of SMACK security context with -Z command-line switch
if SMACK is enabled.
Do we have a chance to have tests for all the new SMACK code?
I do not know much about SMACK and SELinux, but can both be
active at the same time? If so, the behavior probably has changed
(in ls(1) at least) because the code always tests for SMACK first.
I asked Jarkko about that and he said:
"Well, actually you couldn't have SELinux and SMACK active in the
kernel at the same time. Kernel can only have one LSM enabled at
a time (and you cannot switch or disable LSM). So this essentially
detects, which one is enabled in the kernel."
The point about tests is valid, though I didn't think
that important since the selinux and smack code is so similar.
Jarkko I'd accept a patch with tests in smack.sh based
on tests/mkdir/selinux.sh (which calls require_smack_enforcing_).