[Toybox] Regarding mkdir & id for smack

Hyejin Kim hj8296 at gmail.com
Mon Jun 1 02:39:40 PDT 2015


Hi. I answered below.
2015-06-01 15:46 GMT+09:00 Rob Landley <rob at landley.net>:

> On Mon, Jun 1, 2015 at 1:29 AM, Hyejin Kim <hj8296 at gmail.com> wrote:
> > Hi.
> >
> > This time _mkdir_ and _id_ were verified for smack behavior.
>
> Sorry I've been AWOL: still in Japan through the 7th. (Giving a talk
> at LinuxCon Japan on Thursday:
>
> http://lccojapan2015.sched.org/event/860288ccda595208a5d7337d31c6075c#.VWv3sR-1XVN
> if you're curious. :)
>

The link may be wrong. It can't be opened. Can you check once more?
I want to share this with my co-workers.


>
> > The -Z option of the two can print the security label.
> >
> > But, there is a meager issue.
> >
> > 1) "toybox mkdir --help" does not display that the -Z option is supported
>
> Yeah, I have a todo item for that. My help text collating
> infrastructure is hiccuping, I'm not sure why yet. (Known issue, my
> bad, I intend to fix it before cutting a release. Tentatively thinking
> somewhere around the 15th, maybe? I need to get home and then have a
> week to deal with backlog...)
>
> > 2) "toybox id -Znr" can print something while "coreutils' id -Znr" gives
> > error message.
>
> I still haven't got a smack build environment, but I can build
> selinux, and it goes:
>
>   $ ./toybox id -Znr
>   id: SELinux disabled
>

In the Tizen SDK, the -Znr option prints as below:

$./toybox id -Znr
context=sdbd

Of course, it is tested under root privilege and SMACK is also enabled.

Coreutils' id prints: "id: cannot print only names or real IDs in default
format".


>
> And that exited with an error code of 1.
>
> The test is:
>
> // This turns into "return 0" when no LSM and lets code optimize out.
> static inline int lsm_enabled(void)
> {
>   if (CFG_TOYBOX_SMACK) return !!smack_smackfs_path();
>   else return is_selinux_enabled() == 1;
> }
>
> So if built with SMACK and smack_smackfs_path() returns NULL, then
> lsm_enabled() should return 0 and we should get the disabled message.
>
> (I note that there's an lsm_name() function so it should say Smack
> disabled instead of SELinux for you.)
>
> Is it not doing that?
>
> Rob
>
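
The quoted lsm_enabled() treats Smack as enabled whenever smack_smackfs_path() returns a non-NULL path. As an added example (not part of the thread, and not toybox or libsmack code), the C below makes the same decision from mount-table text; that a path is available only when smackfs is mounted is an assumption, and find_smackfs(), smack_enabled_from() and both mount tables are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample mount tables in /proc/mounts layout. */
static const char MOUNTS_SMACK[] =
  "proc /proc proc rw 0 0\n"
  "smackfs /sys/fs/smackfs smackfs rw,relatime 0 0\n";
static const char MOUNTS_PLAIN[] =
  "proc /proc proc rw 0 0\n"
  "smackfs /mnt/data tmpfs rw 0 0\n";  /* device name only, not the type */

/* Hypothetical helper: find a mount whose filesystem type (third field)
 * is smackfs. Copies its mount point to out and returns 1, else 0. */
int find_smackfs(const char *mounts, char *out, size_t outlen)
{
  char buf[600], dev[256], dir[256], type[64];

  while (*mounts) {
    size_t len = strcspn(mounts, "\n");

    /* Parse one line at a time so short lines cannot borrow fields. */
    snprintf(buf, sizeof(buf), "%.*s", (int)len, mounts);
    if (sscanf(buf, "%255s %255s %63s", dev, dir, type) == 3
        && !strcmp(type, "smackfs")) {
      snprintf(out, outlen, "%s", dir);
      return 1;
    }
    mounts += len;
    if (*mounts == '\n') mounts++;
  }
  return 0;
}

/* Assumption: a path is available only when smackfs is mounted, so this
 * mirrors the Smack branch of the quoted lsm_enabled(). */
int smack_enabled_from(const char *mounts)
{
  char path[256];

  return find_smackfs(mounts, path, sizeof(path));
}

int main(void)
{
  printf("smack table: %d\n", smack_enabled_from(MOUNTS_SMACK));
  printf("plain table: %d\n", smack_enabled_from(MOUNTS_PLAIN));
  return 0;
}
```

On a live system the same functions can be fed the contents of /proc/mounts to see which branch the "disabled" message would take.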