[systemd-devel] Patch for Smack labelling support in udev

Reshetova, Elena elena.reshetova at intel.com
Thu Jun 20 17:18:16 PDT 2013


-----Original Message-----
From: Lennart Poettering [mailto:lennart at poettering.net] 
Sent: Thursday, June 20, 2013 10:08 PM
To: Reshetova, Elena

On Wed, 19.06.13 12:09, Reshetova, Elena (elena.reshetova at intel.com) wrote:

> >>>> This is the patch for review for enabling smack labelling for
> >>>> device nodes.
> >>>>
> >>>> The functionality and reasoning is inside. I will be happy to 
> >>>> answer any questions.
> >>>
> >>> So, this needs some HAVE_SMACK ifdeffery at least.
> >>>
> >>> That said, I wonder if we should instead make this a generic 
> >>> XATTR{foobar}="waldo" thing. Kay?
> >>>
> >>
> >> Any update for this? if we use SMACK for udev, it requires it.
> 
> >Lennart's suggestion seems more than reasonable - it would make it
> >generic enough to do:
>
> >   XATTR{security.SMACK64}="label"
>
> >which I think is all we need here. Elena, do you need help respinning this?
> 
> Sorry for the silence, it seems like I totally missed these replies 
> (got buried in my mailbox)!
> 
> Sure, I can make a change, but I am not exactly sure what you mean by this:
> " XATTR{security.SMACK64}="label"". Adding simple HAVE_SMACK ifdeffery
> is easy, but the latter part I didn't really understand.

>Well, we just want this to be a bit more generic. i.e. we want a generic
>XATTR{} concept for udev rules, so that you can set any kind of xattrs, not
>just the ones SMACK needs. That way we can nicely handle the SMACK case, but
>possibly also handle a lot of other cases where people just want to use
>xattrs. Also the SMACK-specific ifdeffery then just becomes an
>XATTR-specific ifdeffery...

Oh, now I understand, and indeed it makes a lot of sense. Thank you for
explaining!

> If it is just longer to explain it to me, Auke, you can go ahead and
> make a change and I will just learn from looking into it :)
> Unfortunately, I don't know systemd code well enough.

>Well, you did the initial patch, right? Changing this to be this tiny bit
>more expressive should be easy. But anyway, I'll let you and Auke figure this
>out...

Actually the initial patch was done by Brian McGillion (as it says inside
the patch), I was mostly just rebasing it and changing some small things
since I inherited the patch maintenance. But sure, I will do the change
while flying back from my trip, since now I understand what needs to be
done. 

Best Regards,
Elena
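
An added sketch, not code from the patch or from systemd: how a generic XATTR{name}="value" rule key, as proposed in the thread, could be parsed and applied to a device node. The key syntax, the names xattr_rule, parse_xattr_rule and apply_xattr_rule, and the sample rule are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>
struct xattr_rule { char name[256]; char value[256]; };  /* hypothetical type */

/* Parse one token of the form XATTR{name}="value" (hypothetical key syntax
 * from the thread). Returns 0 on success or a negative errno value. */
int parse_xattr_rule(const char *tok, struct xattr_rule *out)
{
    static const char *const ns[] = { "security.", "user.", "trusted.", "system." };
    const char *name, *brace, *val, *endq;
    size_t nlen, vlen, i;
    if (strncmp(tok, "XATTR{", 6) != 0)
        return -EINVAL;
    name = tok + 6;
    brace = strchr(name, '}');
    if (!brace || strncmp(brace, "}=\"", 3) != 0)
        return -EINVAL;
    val = brace + 3;
    endq = strrchr(val, '"');
    if (!endq || endq[1] != '\0')      /* unterminated value or trailing junk */
        return -EINVAL;
    nlen = (size_t)(brace - name);
    vlen = (size_t)(endq - val);
    if (!nlen || !vlen || nlen >= sizeof(out->name) || vlen >= sizeof(out->value))
        return -EINVAL;                /* empty or oversized name/value */
    memcpy(out->name, name, nlen);  out->name[nlen] = '\0';
    memcpy(out->value, val, vlen);  out->value[vlen] = '\0';
    /* Linux xattr names are namespaced: require a known prefix plus a suffix. */
    for (i = 0; i < sizeof(ns) / sizeof(ns[0]); i++) {
        size_t l = strlen(ns[i]);
        if (strncmp(out->name, ns[i], l) == 0 && out->name[l] != '\0')
            return 0;
    }
    return -EOPNOTSUPP;
}

/* Set the attribute on the node itself; lsetxattr() does not follow a symlink.
 * Writing security.* attributes requires appropriate privilege. */
int apply_xattr_rule(const char *devnode, const struct xattr_rule *r)
{
    return lsetxattr(devnode, r->name, r->value, strlen(r->value), 0) < 0 ? -errno : 0;
}

int main(void)
{
    struct xattr_rule r;
    int rc = parse_xattr_rule("XATTR{security.SMACK64}=\"label\"", &r); /* constructed */
    if (rc == 0) printf("would set %s=%s\n", r.name, r.value);
    return rc != 0;
}
```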