[systemd-devel] [PATCH] SMACK: assign * label to /tmp when using SMACK.
Karel Zak
kzak at redhat.com
Fri Nov 1 08:57:26 CET 2013
On Thu, Oct 31, 2013 at 01:20:18PM -0700, Kok, Auke-jan H wrote:
> > BTW, for SELinux we remove selinux specific mount options in
> > userspace (in mount(8)) if the kernel does not support selinux.
> >
> > It help us to make command line or fstab setting independent on the
> > current kernel features.
> >
> > Maybe we can use the same for SMACK, is there any way how to
> > determine that the system uses SMACK? (/proc/<something> or so...).
> > -- for selinux we check for /sys/fs/selinux or /selinux.
>
> Ohh yes that would be so nice.
>
> You've got your choice for detecting smack, but I like
> stat(/sys/fs/smackfs) == 0 the best so far. You can parse
> /proc/filesystems for smackfs too, but that's obviously more complex.
> This method works with 3.9 and above, as that's when we made sysfs
> hold the mount point for smackfs.
>
> I assume we're talking about this code here:
>
> https://github.com/karelzak/util-linux/blob/master/libmount/src/context_mount.c#L181
Yes, the "se_rem" code (with SELinux is it tricky, because old
kernels don't support selinux options remount, options duplication is
problem etc.. I guess that for SMACK it will be less complex :-).
Do you have somewhere list of the smack mount options? I'll prepare
the patch.
BTW, the options should be also documented in mount.8 man page :-)
Karel
--
Karel Zak <kzak at redhat.com>
http://karelzak.blogspot.com
More information about the systemd-devel
mailing list