[systemd-devel] [PATCH] smack: introduce new SmackLabelExec option
Lennart Poettering
lennart at poettering.net
Thu Nov 6 16:35:02 PST 2014
On Fri, 07.11.14 04:17, WaLyong Cho (walyong.cho at gmail.com) wrote:
> SMACK64
> Used to make access control decisions. In almost all cases
> the label given to a new filesystem object will be the label
> of the process that created it.
> SMACK64EXEC
> The Smack label of a process that execs a program file with
> this attribute set will run with this attribute's value.
I am sorry, but I cannot parse this.
"The smack label .... will run with this attribute's value"? smack
labels "run"? That sentence makes no sense to me at all...
Again, what kind of objects are SMACK64 and SMACK64EXEC applied to?
files? processes?
> (I think I'd confused. We should use SMACK64 or SmackLabel instead
> SMACK64EXEC or SmackLabelExec in here.)
>
> Auke, what do you think?
Now I am even more confused than I was before...
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list