[systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd

Łukasz Stelmach l.stelmach at samsung.com
Thu Feb 20 03:01:57 PST 2014

It was <2014-02-19 śro 20:05>, when Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, Feb 19, 2014 at 04:17:15PM +0100, Łukasz Stelmach wrote:
>> It was <2014-02-19 śro 16:05>, when Zbigniew Jędrzejewski-Szmek wrote:
>> > On Wed, Feb 19, 2014 at 03:44:32PM +0100, Łukasz Stelmach wrote:
>> >> How to have support for more than one security fw reasonably
>> >> compiled in? (I think this is the moment to create the pattern).
>> > Why not? It would be rather constraining for a distribution which wants
>> > to support more than one. systemd should just perform the steps necessary
>> > for all compiled frameworks compiled in, silently ignoring failures coming
>> > from missing frameworks.


>> The most robust way for systemd is:
>> 1) to check in runtime which frameworks are supported,
> We have use_selinux(), use_apparmor(), use_smack().
>> 2) to attempt an action for every one of them,
>> 3) to return an error if ANY of the actions fail.
> In general yes, but different frameworks need hooks in different places.
> So we generally insert a call to a function specific to a framework,
> and inside this function, a use_*() test is performed, and suitably,
> either nothing is done or the setup is performed. If an error happens,
> it is up to this function to decide whether silent failure, warning,
> or an error are warranted.

OK, how about this?



Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140220/f20845df/attachment.pgp>

More information about the systemd-devel mailing list