[systemd-devel] [PATCH] SMACK: Add configuration options. (v3)
Schaufler, Casey
casey.schaufler at intel.com
Tue Oct 30 15:54:44 PDT 2012
> -----Original Message-----
> From: Lennart Poettering [mailto:lennart at poettering.net]
> Sent: Tuesday, October 30, 2012 3:47 PM
> To: Schaufler, Casey
> Cc: Kok, Auke-jan H; systemd-devel at lists.freedesktop.org
> Subject: Re: [PATCH] SMACK: Add configuration options. (v3)
>
> On Tue, 30.10.12 22:35, Schaufler, Casey (casey.schaufler at intel.com)
> wrote:
>
> > > Hmm, I think it's a good idea to mount all API VFS that are around,
> > > regardless whether the subsystem they are used for is actually
> > > really enabled. Isn't there a nicer way how to detect whether a
> > > SMACK policy is actually loaded?
> >
> > Unlike some other security systems, Smack does not do Bad Things when
> > there is no "policy" loaded. The out-of-the-box behavior, with no
> > configuration, actually is rational in some situations.
>
> Well, be that as it may, people might still want to known whether there
> is a policy loaded and SMACK fully setup and initialized. Is there a
> way to find that out?
Running "wc -l" and looking for a non-zero result should do the trick.
(BTW: "Smack" is preferred to "SMACK")
>
> Lennart
>
> --
> Lennart Poettering - Red Hat, Inc.
More information about the systemd-devel
mailing list