Hi On Thu, Jan 16, 2014 at 12:07:02PM +0000, Pádraig Brady wrote: > On 01/16/2014 06:24 AM, Jarkko Sakkinen wrote: > > Hi > > > > On Thu, Jan 16, 2014 at 02:16:28AM +0000, Pádraig Brady wrote: > >> So I suppose we might change the --help docs etc. to say > >> _process_ rather than _user_. Is SMACK64EXEC a common > >> label to have set on the id executable? Jarkko I don't suppose > >> there is any way to avoid that? > > > > I don't see any reason why anyone would set SMACK64EXEC for 'id'. There's > > no realistic use case to do that. > > OK it's an edge case so we can set the docs accordingly. > BTW I notice SELinux' getprevcon() which is the same as getcon() > but gets the context before the last exec. > If SMACK had an equivalent would that be more appropriate to use here?
SMACK does not provide anything similar in its kernel interface. > thanks, > Pádraig. /Jarkko
