[systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd

Lennart Poettering lennart at poettering.net
Wed Feb 19 07:06:03 PST 2014


On Wed, 19.02.14 15:44, Łukasz Stelmach (l.stelmach at samsung.com) wrote:

> > Also, please move the #ifdef HAVE_SMACK checks inside of this function
> > and make it a NOP on non-SMACK builds. That way we only have one #ifdef
> > check for this and not one for each invocation of the function. The
> > compiler should be smart enough to suppress the function if it is empty.
> 
> I am not sure about that. If we want smack_relabel_in_dev() to return a
> value and call it from label_fix()
> 
> --8<---------------cut here---------------start------------->8---
> int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
>         int r = 0;
> 
> #ifdef HAVE_SELINUX
> [...]
> #endif
>         smack_relabel_in_dev(path);
> 
>         return r;
> }
> --8<---------------cut here---------------end--------------->8---
> 
> then it seems better to write
> 
> --8<---------------cut here---------------start------------->8---
> #elif defined(HAVE_SMACK)
>         r = smack_relabel_in_dev(path);
> #endif
> --8<---------------cut here---------------end--------------->8---
> 
> and be able to add support for a yet undetermined security framework
> below assuming systemd can have support for only one fw compiled in. How
> to have support for more than one security fw reasonably compiled in? (I
> think this is the moment to create the pattern).

Well, the other option is to simply place the smack relabelling code
directly in label_fix(), which would map 1:1 what we do for selinux.

Lennart

-- 
Lennart Poettering, Red Hat

