[systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd

Łukasz Stelmach l.stelmach at samsung.com
Thu Feb 20 03:01:57 PST 2014 

It was <2014-02-19 śro 20:05>, when Zbigniew Jędrzejewski-Szmek wrote:
> On Wed, Feb 19, 2014 at 04:17:15PM +0100, Łukasz Stelmach wrote:
>> It was <2014-02-19 śro 16:05>, when Zbigniew Jędrzejewski-Szmek wrote:
>> > On Wed, Feb 19, 2014 at 03:44:32PM +0100, Łukasz Stelmach wrote:
>> >> How to have support for more than one security fw reasonably
>> >> compiled in? (I think this is the moment to create the pattern).
>> > Why not? It would be rather constraining for a distribution which wants
>> > to support more than one. systemd should just perform the steps necessary
>> > for all compiled frameworks compiled in, silently ignoring failures coming
>> > from missing frameworks.
>> 

[...]

>> The most robust way for systemd is:
>> 1) to check in runtime which frameworks are supported,
> We have use_selinux(), use_apparmor(), use_smack().
>
>> 2) to attempt an action for every one of them,
>> 3) to return an error if ANY of the actions fail.
>
> In general yes, but different frameworks need hooks in different places.
> So we generally insert a call to a function specific to a framework,
> and inside this function, a use_*() test is performed, and suitably,
> either nothing is done or the setup is performed. If an error happens,
> it is up to this function to decide whether silent failure, warning,
> or an error are warranted.

OK, how about this?

https://review.tizen.org/git/?p=platform/upstream/systemd.git;a=commitdiff;h=4879ed0a3b3942ed0188c2b5a5633f22847ebe76;hp=6300b3eca9e5261b73bd7f1bb9735992b127cd80

https://review.tizen.org/git/?p=platform/upstream/systemd.git;a=blob;f=src/shared/label.c;h=89939217e3d9bce011c125b504978571e7b57c22;hb=4879ed0a3b3942ed0188c2b5a5633f22847ebe76

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140220/f20845df/attachment.pgp>

More information about the systemd-devel mailing list