Re: [systemd-devel] [PATCH] SMACK: assign * label to /tmp when using SMACK.

Tue, 12 Nov 2013 06:19:36 -0800 

On Tue, Nov 12, 2013 at 03:16:17PM +0100, Karel Zak wrote:
> On Fri, Nov 01, 2013 at 09:19:27AM -0700, Kok, Auke-jan H wrote:
> > On Fri, Nov 1, 2013 at 12:57 AM, Karel Zak <k...@redhat.com> wrote:
> > > On Thu, Oct 31, 2013 at 01:20:18PM -0700, Kok, Auke-jan H wrote:
> > >> >  BTW, for SELinux we remove selinux specific mount options in
> > >> >  userspace (in mount(8)) if the kernel does not support selinux.
> > >> >
> > >> >  It help us to make command line or fstab setting independent on the
> > >> >  current kernel features.
> > >> >
> > >> >  Maybe we can use the same for SMACK, is there any way how to
> > >> >  determine that the system uses SMACK? (/proc/<something> or so...).
> > >> >  -- for selinux we check for /sys/fs/selinux or /selinux.
> > >>
> > >> Ohh yes that would be so nice.
> > >>
> > >> You've got your choice for detecting smack, but I like
> > >> stat(/sys/fs/smackfs) == 0 the best so far. You can parse
> > >> /proc/filesystems for smackfs too, but that's obviously more complex.
> > >> This method works with 3.9 and above, as that's when we made sysfs
> > >> hold the mount point for smackfs.
> > >>
> > >> I assume we're talking about this code here:
> > >>
> > >> https://github.com/karelzak/util-linux/blob/master/libmount/src/context_mount.c#L181
> > >
> > >  Yes, the "se_rem" code (with SELinux is it tricky, because old
> > >  kernels don't support selinux options remount, options duplication is
> > >  problem etc.. I guess that for SMACK it will be less complex :-).
> > >
> > >  Do you have somewhere list of the smack mount options? I'll prepare
> > >  the patch.
> > 
> > Yes, the authoritative documentation is the code:
> > 
> > https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/tree/security/smack/smack.h#n143
> 
> 
>  OK, implemented:
>  
> https://github.com/karelzak/util-linux/commit/b8095d25bae0588dfce8a62169f6db5496cf45c5

 Oh, there is a typo in the /sys/fs/smackfs path, fixed. Sorry.

    Karel

-- 
 Karel Zak  <k...@redhat.com>
 http://karelzak.blogspot.com
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Reply via email to