[systemd-devel] [PATCH] SMACK: Add configuration options. (v3)
Lennart Poettering
lennart at poettering.net
Tue Oct 30 14:56:04 PDT 2012
On Mon, 29.10.12 20:17, Kok, Auke-jan H (auke-jan.h.kok at intel.com) wrote:
> > I also merged the three items in the man page into one, so that people
> > are hopefully less annoyed about "OMG i am not running my stuff with
> > SMACK OMG why is all this stuff in my systemd OMG systemd is bloated
> > OMG". After all people only complain about stuff that appears big even
> > if it is rather trivial in code.
>
> Did you copy the section of the commit message here that states that this
> doesn't add any libraries and just uses fsetxattr()? This may help to deter
> those thoughts... ;^)
I left the commit message intact.
> > hack that up for SMACK? is there a nice way to detect whether SMACK is
> > in the kernel and enabled?
>
> yes, you can detect it by reading /proc/filesystems and checking for
> "smackfs", and
> if mounted, that it's enabled.
Hmm, I think it's a good idea to mount all API VFS that are around,
regardless whether the subsystem they are used for is actually really
enabled. Isn't there a nicer way how to detect whether a SMACK policy is
actually loaded?
> bootchart first though, grrr ;^)
Haven*t forgotten that, will look into it soon. Promised!
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the systemd-devel
mailing list