On Thu, Oct 31, 2013 at 12:00 PM, Karel Zak <k...@redhat.com> wrote:
> On Tue, Oct 29, 2013 at 01:27:07PM +0100, Lennart Poettering wrote:
>> On Tue, 29.10.13 16:02, WaLyong Cho (walyong....@samsung.com) wrote:
>>
>> > >> Hmm, here's an idea: there has been a long standing feature request to
>> > >> add a configurable boolean to mount unit files that controls
>> > >> /bin/mount's "-s" switch. Let's say we call it
>> > >> "SloppyOptions=yes/no", or so. Then, we could set this for this unit
>> > >> file and apply the rest of the patch and things should work, and where
>> > >> they don't we can easily reassign to the kernel to respect the "-s" flag
>> > >> properly.
>> > >>
>> > >> Doing a patch that allows "-s" to be controlled should be fairly easy,
>> > >> would be happy to merge a patch for that!
>> > > ahhh I hadn't even seen -s in /bin/mount yet, so I can see this
>> > > helping out a lot.
>> > >
>> > > I'd be okay with a solution like that, it would certainly simplify
>> > > things a lot, but we need to be careful not to overload mount options
>> > > with all sorts of nonstandard options - it will make problems harder
>> > > to debug and for some of these security enabled systems we will most
>> > > likely want to actually _not_ use -s. After all, we want to make sure
>> > > we're actually booting with properly setup Smack options e.g. a typo
>> > > in 'nodev,nosuid,nexec' could be disastrous. (typo deliberate).
>> > >
>> > > Auke
>> > >
>> > I am not sure we can use the -s option. First I tried that in my fedora
>> > machine.
>> >
>> > # mount -t tmpfs -s -o mode=1777,strictatime,smackfsroot=* tmpfs /test
>
>
> BTW, for SELinux we remove selinux specific mount options in
> userspace (in mount(8)) if the kernel does not support selinux.
>
> It helps us to make command line or fstab setting independent on the
> current kernel features.
>
> Maybe we can use the same for SMACK, is there any way how to
> determine that the system uses SMACK? (/proc/<something> or so...).
> -- for selinux we check for /sys/fs/selinux or /selinux.

Ohh yes that would be so nice.

You've got your choice for detecting smack, but I like stat(/sys/fs/smackfs) == 0 the best so far. You can parse /proc/filesystems for smackfs too, but that's obviously more complex. This method works with 3.9 and above, as that's when we made sysfs hold the mount point for smackfs.

I assume we're talking about this code here:

https://github.com/karelzak/util-linux/blob/master/libmount/src/context_mount.c#L181 ?

Auke
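
The approach discussed in this thread, sketched as an added example that is not libmount's code and not from any participant: detect Smack with stat() on the sysfs mount point and, when it is absent, drop only the Smack options from the option string so that a typo such as `nexec` still reaches the kernel and fails the mount. The function names are hypothetical, and the code assumes every Smack mount option name starts with `smackfs` (only `smackfsroot` appears in the thread) and that no option value contains a comma.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Return 1 if the Smack sysfs mount point exists (kernel 3.9 and above).
 * The path is a parameter so the check can be pointed at a test tree. */
static int smack_enabled(const char *sysfs_dir)
{
    struct stat st;
    return stat(sysfs_dir, &st) == 0;
}

/* Drop options named "smackfs*" (assumed prefix) from a comma-separated
 * list, in place. Anything else, typos included, is kept so the kernel
 * can still reject it. Returns the number of options removed. */
static int strip_smack_opts(char *opts)
{
    char *src = opts, *dst = opts;
    int removed = 0;

    while (*src) {
        size_t len = strcspn(src, ",");
        if (strncmp(src, "smackfs", 7) == 0) {
            removed++;
        } else {
            if (dst != opts)
                *dst++ = ',';
            memmove(dst, src, len);   /* dst never runs ahead of src */
            dst += len;
        }
        src += len + (src[len] == ',');
    }
    *dst = '\0';
    return removed;
}

int main(void)
{
    char opts[] = "mode=1777,strictatime,smackfsroot=*"; /* from the thread */

    if (!smack_enabled("/sys/fs/smackfs"))
        strip_smack_opts(opts);
    puts(opts);
    return 0;
}
```

Unlike `mount -s`, this filter removes nothing it does not recognise, which addresses the concern raised earlier in the thread about silently tolerating a mistyped security option.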