[systemd-devel] Patch for Smack labelling support in udev

Kok, Auke-jan H auke-jan.h.kok at intel.com
Fri Aug 9 11:56:19 PDT 2013


On Wed, Jul 24, 2013 at 3:15 AM, Reshetova, Elena
<elena.reshetova at intel.com> wrote:
> -----Original Message-----
> From: Kay Sievers [mailto:kay at vrfy.org]
> Sent: Tuesday, July 16, 2013 10:12 PM
> To: Reshetova, Elena
> Cc: Lennart Poettering; systemd-devel at lists.freedesktop.org; Ware, Ryan R;
> Schaufler, Casey; walyong.cho at samsung.com
> Subject: Re: [systemd-devel] Patch for Smack labelling support in udev
>
> On Tue, Jul 9, 2013 at 4:34 PM, Reshetova, Elena <elena.reshetova at intel.com>
> wrote:
>>> -static int node_permissions_apply(struct udev_device *dev, bool
>>> apply, mode_t mode, uid_t uid, gid_t gid)
>>> +static int node_permissions_apply(struct udev_device *dev, bool
>>> +apply,
>>> mode_t mode,
>>> +                                  uid_t uid, gid_t gid, struct
>>> +udev_list xattr_list)
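Review bot: The new last parameter is declared as `struct udev_list xattr_list`, so the whole list structure is passed by value on every call to node_permissions_apply(); take it as `const struct udev_list *xattr_list` instead, which also documents that the function only reads the list, and adjust the callers to the new signature.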
>>
>>>Guess we better pass the udev_list as a const pointer here.
>>
>> Ups, sorry, missed this one, of course it won't even work this way (I
>> haven't tried to run it yet ...
>
>>It looks like it could work, but please test it and make sure it does the
>>right thing before we go ahead from here.
>
> OK, so now I have tested it and with one minor fix (passing a list entry and
> not the whole list in udev-node) it works just fine.
> I am able to set up one or more xattrs on a device node using the syntax
>
> XATTR{attr_name}="value"
>
> For example, I can set a couple of smack-related xattrs in one go like
> XATTR{security.SMACK64}="*", XATTR{security.SMACK64EXEC}="*".
> Doesn't make sense from a Smack point of view (only SMACK64 is really meaningful
> on device nodes), but proves that the functionality works.

Right, but we could be setting other non-SMACK xattrs now all in one
go - for example, SELINUX ones ("security.selinux").

> I am attaching the patch.

Kay,

This looks OK to me, can you take another look at it?

Auke

