[Toybox] Squinting at LSM support in cp.
Hyejin Kim
hj8296 at gmail.com
Tue Jun 30 22:17:06 PDT 2015
There is a reference in Tizen, a repository called external/tizen-coreutils.
It has a patch that adds the Smack feature to some commands.
https://review.tizen.org/gerrit/gitweb?p=external/tizen-coreutils.git;a=blob;f=packaging/coreutils-6.9-smack.patch;h=1ac188e50938d51c4ac8f2ce605580ee1b8da2f0;hb=HEAD
(If you can't access this, please register an account or let me know.)
I guess it will help you understand their intention better.
As Jose mentioned, there is one more xattr for directories, named
security.SMACK64TRANSMUTE (what we are using now to save the label is
security.SMACK64).
Please refer to the explanation.
What is __security.SMACK64TRANSMUTE__ ?
==> Can only have the value "TRUE".
If this attribute is present on a directory when an object is created in
the directory and the Smack rule (more below) that permitted the write
access to the directory includes the transmute ("t") mode
the object gets the label of the directory instead of the label of the
creating process. If the object being created is a directory the
SMACK64TRANSMUTE attribute is set as well.
For this reason, I guess that a file can't have a bucket of labels, and
there is just one security.SMACK64 xattr per file or path.
Further, the above link doesn't call flistxattr() like Jose did for the cp command.
Thanks.
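
Added example, not part of the original message and not code from the Tizen patch or from toybox: a simplified C model of the transmute rule quoted above, showing which label a newly created object receives. The struct names, `label_new_object()` and the sample policy are assumptions made for illustration, and the model looks only at explicit rules.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* One explicit Smack rule: subject label, object label, modes such as "rwxat". */
struct smack_rule { const char *subject, *object, *modes; };

/* Parent directory as this model sees it (not a kernel structure). */
struct dir_state {
    const char *label;     /* value of security.SMACK64 */
    const char *transmute; /* value of security.SMACK64TRANSMUTE, NULL if absent */
};

struct new_object { const char *label; bool transmute; };

/* Constructed sample policy: App may write to Shared with "t", Tool without. */
static const struct smack_rule sample_rules[] = {
    { "App",  "Shared", "rwxt" },
    { "Tool", "Shared", "rwx"  },
};

/* Returns 0 and fills *out, or -1 when no rule grants write on the directory. */
int label_new_object(const struct smack_rule *rules, size_t n, const char *proc,
                     const struct dir_state *dir, bool is_dir, struct new_object *out)
{
    const struct smack_rule *r = NULL;

    for (size_t i = 0; i < n && !r; i++)
        if (!strcmp(rules[i].subject, proc) && !strcmp(rules[i].object, dir->label))
            r = &rules[i];
    if (!r || !strchr(r->modes, 'w'))
        return -1;

    /* Both conditions must hold: the attribute reads "TRUE" and the rule has "t". */
    bool transmuting = dir->transmute && !strcmp(dir->transmute, "TRUE")
                       && strchr(r->modes, 't');

    out->label = transmuting ? dir->label : proc;  /* else the creator's label */
    out->transmute = transmuting && is_dir;        /* new directories inherit it */
    return 0;
}

int main(void)
{
    struct dir_state shared = { "Shared", "TRUE" };
    struct new_object obj;

    if (!label_new_object(sample_rules, 2, "App", &shared, true, &obj))
        printf("label=%s transmute=%d\n", obj.label, obj.transmute);
    return 0;
}
```

For a copy tool this means the label on a file created inside a transmuting directory can differ from the label of the copying process, so a check that compares source and destination labels has to read the destination's xattr after creation.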