On Thu, Jan 02, 2014 at 10:48:16PM +0000, Schaufler, Casey wrote:
> If you are installing individual packages on a Tizen 3 system please be sure
> that you have the right Smack label. You can see what the Smack label of your
> process is using “id -Z”. If your process label is not “_” you may be
> surprised by some of the files that will be given your current process label.
> Files created by post-installation operations will get your current label. It
> is also possible that some of the post-installation operations will impact
> files from other packages, causing mysterious failures that seem unrelated to
> the package you’ve installed. If the package you are installing has a proper
> manifest file this will not be a problem.
>
> You can change the Smack label of your process to “_” by:
>
> # echo _ > /proc/self/attr/current
> # installation command

I just did the test below in a Tizen 3.0 mobile image (20140114.2) and got confused myself.

-----------------------8<------------------------------------------
sh-4.2# ps -Z $$
LABEL PID TTY STAT TIME COMMAND
System 377 pts/0 Ss 0:00 /bin/sh -
sh-4.2# /bin/echo "_" /proc/self/attr/current
_ /proc/self/attr/current
sh-4.2# ps -Z $$
LABEL PID TTY STAT TIME COMMAND
System 377 pts/0 Ss 0:00 /bin/sh -
sh-4.2# chsmack /usr/bin/touch
/usr/bin/touch access="_"
sh-4.2# touch /file
sh-4.2# chsmack /file
/file access="System"
------------------------8<-------------------------------------

So apparently echo from coreutils didn't change the shell context label, and the file created later still inherited the Smack label of the process.

------------------------8<------------------------------------
sh-4.2# echo "_" /proc/self/attr/current
_ /proc/self/attr/current
sh-4.2# ps -Z $$
LABEL PID TTY STAT TIME COMMAND
System 377 pts/0 Ss 0:00 /bin/sh -
sh-4.2# chsmack /usr/bin/touch
/usr/bin/touch access="_"
sh-4.2# touch /file2
sh-4.2# chsmack /file2
/file2 access="System"
------------------------8<----------------------------------------

And this made me confused: as you said, the shell builtin echo should change the Smack label of the current shell, so a process started later by the shell should inherit its label if it has no SMACK64EXEC label of its own. So as I understand it, the new file /file2 should have the "_" access label rather than "System".

--
Thanks,
Chengwei

> Thanks, and sorry for any confusion.

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
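
The thread turns on which process a write to /proc/self/attr/current applies to. As an added illustration that is not part of the original messages: /proc/self resolves to whichever process opens the path, so a redirection on a shell builtin acts on the shell itself, while a redirection on an external binary such as /bin/echo acts on a forked child. The function names are hypothetical, and /proc/self/stat (whose first field is the PID) stands in for attr/current so the script runs on any Linux system without Smack.

```shell
#!/bin/sh
# Added illustration (not from the thread). /proc/self names the process that
# opens the path, so a label written to /proc/self/attr/current lands on
# whichever process performs the open. /proc/self/stat (first field = PID) is
# an assumed stand-in so this runs with or without Smack.

# Case 1: redirection on a shell builtin. The shell opens the file itself,
# so /proc/self is the shell. The result goes into SELF_PID rather than
# stdout, because $(...) would fork a subshell and change the answer.
self_pid_builtin() {
    read -r SELF_PID _rest < /proc/self/stat
}

# Case 2: redirection on an external binary. The shell forks first and the
# child opens the file, so /proc/self is the short-lived child.
self_pid_external() {
    _tmp=$(mktemp) || return 1
    cat < /proc/self/stat > "$_tmp"
    read -r SELF_PID _rest < "$_tmp"
    rm -f "$_tmp"
}

# Returns 0 when the builtin sees the shell both times and the external
# command sees a different process.
demo_proc_self() {
    self_pid_builtin;  first=$SELF_PID
    self_pid_builtin;  second=$SELF_PID
    self_pid_external; child=$SELF_PID
    echo "builtin open:  /proc/self -> PID $first (again: $second)"
    echo "external open: /proc/self -> PID $child"
    [ "$first" = "$second" ] && [ "$first" != "$child" ]
}

demo_proc_self
```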
