[systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd
Lennart Poettering
lennart at poettering.net
Wed Feb 19 07:06:03 PST 2014
On Wed, 19.02.14 15:44, Łukasz Stelmach (l.stelmach at samsung.com) wrote:
> > Also, please move the #ifdef HAVE_SMACK checks inside of this function
> > and make it a NOP on non-SMACK builds. That way we only have one #ifdef
> > check for this and not one for each invocation of the function. The
> > compiler should be smart away to suppress the function if it empty.
>
> I am not sure about that. If we want smack_relabel_in_dev() to return a
> value and call it from label_fix()
>
> --8<---------------cut here---------------start------------->8---
> int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
> int r = 0;
>
> #ifdef HAVE_SELINUX
> [...]
> #endif
> smack_relabel_in_dev(path);
>
> return r;
> }
> --8<---------------cut here---------------end--------------->8---
>
> then it seems better to write
>
> --8<---------------cut here---------------start------------->8---
> #elif defined(HAVE_SMACK)
> r = smack_relabel_in_dev(path);
> #endif
> --8<---------------cut here---------------end--------------->8---
>
> and be able to add support for a yet undetermined security framework
> below assuming systemd can have support for only one fw compiled in. How
> to have support for more than one security fw reasonably compiled in? (I
> think this is the moment to create the pattern).
Well, the other option is to simply place the smack relabelling code
directly in label_fix(), which would map 1:1 what we do for selinux.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list