Hi List, I found that both id manpage and its help info says something about security context like:
-Z, --context print only the security context of the current user\n\ As it said, it gets the security context of *the current user*. However, I found in its source code, it implemented in a way to get *the current process* security context, in both SELinux and SMACK way. As I understand, *the current process* whenever "id -Z" executed, it's the id process, its security context doesn't equal *the current user* security context. Right? So far I haven't worked with SELinux a lot, but have some SMACk experience, so currently "id -Z" in SMACK environment *only* works if *id* hasn't itself SMACK64EXEC label, in that way, *id* will inherent the shell security context, so the security context of *the current process* is the same as security context of *the current user*. Otherwise, it will surprise user, like me. -- Thanks, Chengwei
signature.asc
Description: Digital signature
