[systemd-devel] Patch for Smack labelling support in udev

Reshetova, Elena elena.reshetova at intel.com
Tue Jul 9 06:47:08 PDT 2013


Does the attached patch look better? I have fixed the sequence of xattr 
processing (now just after uid, gid, mode and etc.) + switched to use a list 
for collecting the xattrs.
I think it is more generic to allow many xattrs to be set for one node, since 
it is normal use case.

Best Regards,

-----Original Message-----
From: Kay Sievers [mailto:kay at vrfy.org]
Sent: Wednesday, July 03, 2013 2:23 PM
To: Reshetova, Elena
Cc: Lennart Poettering; systemd-devel at lists.freedesktop.org; Ware, Ryan R; 
Schaufler, Casey; walyong.cho at samsung.com
Subject: Re: [systemd-devel] Patch for Smack labelling support in udev

On Wed, Jul 3, 2013 at 1:04 PM, Reshetova, Elena <elena.reshetova at intel.com> 

>>Things like:
>>  ..., XATTR{foo}="foo", XATTR{bar}="bar"
>>would just eat the entire foo key. That is intentional? We usually
>>have lists for that, or we would not allow 2 keys ...
> Hm.. Do we want to allow multiple xattr setup on the same node?

I don't know. But we need to sure what we want and document it that way. :)

> I guess this
> can make sense if for example one is to setup the security label and
> another one some other attribute.
> So, I guess then it has to be stored in a list. I will take a look on
> how it is done for other cases.
> Could you please point to the right example on how such case is
> handled in udev (maybe from other permissions or attributes)? Some
> particular case that I should take as an example?

udev_list_entry_add(&event->run_list, ...

and quite a few other examples.

>>If pairs of values that belong to each other are allocated, we better
>>check if we run into allocation problems. Udev ignores that in some
>>places and goes ahead as the value would not have been set at all. But
>>with pairs, we should not end up with inconsistent pairs which have only the 
>>name or the value set.
>>  if ((xattr_name) && (xattr_label))
>>should then just become:
>>  if (xattr_name)
> OK, and then I guess I would need to check during parcing that they
> are both set correctly and unset the other one, if one is missing, right?

Yeah, it's pretty simple: just always leave a clean state, or give up where 
the error happens. Do leave invalid/partial data around and try to cope with 
it later.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Adding-extended-attribute-support-for-udev-nodes-lab.patch
Type: application/octet-stream
Size: 10220 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20130709/b58c14e2/attachment-0001.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7220 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20130709/b58c14e2/attachment-0001.bin>

More information about the systemd-devel mailing list