On 01/16/2014 06:24 AM, Jarkko Sakkinen wrote:
> Hi
>
> On Thu, Jan 16, 2014 at 02:16:28AM +0000, Pádraig Brady wrote:
>> So I suppose we might change the --help docs etc. to say
>> _process_ rather than _user_. Is SMACK64EXEC a common
>> label to have set on the id executable? Jarkko I don't suppose
>> there is any way to avoid that?
>
> I don't see any reason why anyone would set SMACK64EXEC for 'id'. There's
> no realistic use case to do that.

OK it's an edge case so we can set the docs accordingly.

BTW I notice SELinux' getprevcon() which is the same as getcon()
but gets the context before the last exec. If SMACK had an equivalent
would that be more appropriate to use here?

thanks,
Pádraig.