[systemd-devel] Patch for Smack labelling support in udev
Reshetova, Elena
elena.reshetova at intel.com
Tue Jun 25 08:23:02 PDT 2013
Hi,
Here is the draft for the changed patch. Is it along the lines you were
thinking about?
Please ignore the small details such as cosmetics and etc. now: I am still
planning to test it properly and cleanup, but first I want to understand if
I am moving towards the right way.
Best Regards,
Elena.
-----Original Message-----
From: Lennart Poettering [mailto:lennart at poettering.net]
Sent: Thursday, June 20, 2013 10:08 PM
To: Reshetova, Elena
Cc: Kok, Auke-jan H; Kyungmin Park; Schaufler, Casey;
systemd-devel at lists.freedesktop.org; walyong.cho at samsung.com; Ware, Ryan R
Subject: Re: [systemd-devel] Patch for Smack labelling support in udev
On Wed, 19.06.13 12:09, Reshetova, Elena (elena.reshetova at intel.com) wrote:
> >>>> This is the patch for review for enabling smack labelling for
> >>>> device
> nodes.
> >>>>
> >>>> The functionality and reasoning is inside. I will be happy to
> >>>> answer any questions.
> >>>
> >>> So, this needs some HAVE_SMACK ifdeffery at least.
> >>>
> >>> That said, I wonder if we should instead make this a generic
> >>> XATTR{foobar}="waldo" thing. Kay?
> >>>
> >>
> >> Any update for this? if we use SMACK for udev, it requires it.
>
> >Lennart's suggestion seems more than reasonable - it would make it
> >generic
> enough to do:
>
> > XATTR{security.SMACK64}="label"
>
> >which I think is all we need here. Elena, do you need help respinning
this?
>
> Sorry for the silence, it seems like I totally missed these replies
> (got buried in my mailbox)!
>
> Sure, I can make a change, but I am not exactly sure what you mean by
this:
> " XATTR{security.SMACK64}="label"". Adding simple HAVE_SMACK ifdeffery
> is easy, but the later part I didn't really understand.
Well, we just want this to be a bit more generic. i.e. we want a generic
XATTR{} concept for udev rules, so that you can set any kind of xattrs, not
just the ones SMACK needs. That way we can nicely handle the SMACK case, but
possibly also handle a lot of other cases where people just want to use
xattrs. Also the SMACK-specific ifdeffery then just becomes an
XATTR-specific ifdeffery...
> If it is just longer to explain it to me, Auke, you can go ahead and
> make a change and I will just learn from looking into it :)
> Unfortunately, I don't know systemd code well enough.
Well, you did the initial patch, right? Changing this to be this tiny bit
mor expressive should be easy. But anyway, I'll let you an Auke figure this
out...
Lennart
--
Lennart Poettering - Red Hat, Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Adding-extended-attribute-support-for-udev-nodes-lab.patch
Type: application/octet-stream
Size: 9950 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20130625/068bc699/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7220 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20130625/068bc699/attachment.bin>
More information about the systemd-devel
mailing list