On 07/01/2013 03:44 PM, Bernhard Voelker wrote: > On 07/01/2013 03:36 PM, Pádraig Brady wrote: >> On 06/26/2013 09:48 AM, Jarkko Sakkinen wrote: >>> Enable creation of SMACK security context with -Z command-line switch >>> if SMACK is enabled. > > Do we have a chance to have tests for all the new SMACK code? > > I do not know much about SMACK and SELinux, but can both be > active at the same time? If so, the behavior probably has changed > (in ls(1) at least) because the code always tests for SMACK first.
I asked Jarkko about that and he said: "Well, actually you couldn't have SELinux and SMACK active in the kernel at the same time. Kernel can only have one LSM enabled at a time (and you cannot switch or disable LSM). So this essentially detects, which one is enabled in the kernel." The point about tests is valid, though I didn't think that important since the selinux and smack code is so similar. Jarkko I'd accept a patch with tests in smack.sh based on tests/mkdir/selinux.sh (which calls require_smack_enforcing_). thanks, Pádraig.
