[systemd-devel] [RFC] tmpfiles.d with mac_label
As we know we can make a direcory or link or file or some others by using tmpfiles.d. But we can not apply mac_label on there when after that is genreated. How about add mac_label field on tmpfiles.d? Actually, now we can not assign a mac_label to newly generated directory. So we make a script which include mkdir/chsmack. (I'm not sure chsmack is official tool for get/set SMACK label. Anyway.) If tmpfiles.d have a field for mac_label then we don't need such a terrible scripts. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [RFC] tmpfiles.d with mac_label
On 10/23/2014 05:34 PM, WaLyong Cho wrote:
As we know we can make a direcory or link or file or some others by
using tmpfiles.d. But we can not apply mac_label on there when after
that is genreated.
How about add mac_label field on tmpfiles.d? Actually, now we can not
assign a mac_label to newly generated directory. So we make a script
which include mkdir/chsmack. (I'm not sure chsmack is official tool for
get/set SMACK label. Anyway.) If tmpfiles.d have a field for mac_label
then we don't need such a terrible scripts.
If you agree, SECLABEL{module} format will appropriate for that like
udev rules.
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [RFC] tmpfiles.d with mac_label
3.10.2014 at 10:34 WaLyong Cho walyong@gmail.com wrote: As we know we can make a direcory or link or file or some others by using tmpfiles.d. But we can not apply mac_label on there when after that is genreated. Last year I've proposed patch, that was adding xattr option to tmpfiles (which can be used for SMACK labeling). This is latest patch: http://lists.freedesktop.org/archives/systemd-devel/2013-December/015053.html Problem was, that upstream wanted me to use str/strv API, which unfortunately didn't work well in my case. How about add mac_label field on tmpfiles.d? Actually, now we can not assign a mac_label to newly generated directory. So we make a script which include mkdir/chsmack. (I'm not sure chsmack is official tool for get/set SMACK label. Anyway.) If tmpfiles.d have a field for mac_label then we don't need such a terrible scripts. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel regards, -- Maciej Wereski Samsung RD Institute Poland Samsung Electronics m.were...@partner.samsung.com ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [RFC] tmpfiles.d with mac_label
On Thu, 23.10.14 11:03, Maciej Wereski (m.were...@partner.samsung.com) wrote: 3.10.2014 at 10:34 WaLyong Cho walyong@gmail.com wrote: As we know we can make a direcory or link or file or some others by using tmpfiles.d. But we can not apply mac_label on there when after that is genreated. Last year I've proposed patch, that was adding xattr option to tmpfiles (which can be used for SMACK labeling). This is latest patch: http://lists.freedesktop.org/archives/systemd-devel/2013-December/015053.html Problem was, that upstream wanted me to use str/strv API, which unfortunately didn't work well in my case. I still think this xattr approach is the way to go. Note that for the usage by the sysusers tool I wrote a completely new word parser in unquote_many_words() that deals in a much saner way with quotation marks. We really should rework tmpfiles to make use of that. That should deal with many of the quoting problems? Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
