[Toybox] integration of SMACK

James McMechan james_mcmechan at hotmail.com
Wed May 6 13:19:57 PDT 2015


Looking at the fixes:

toys/other/stat.c for group name outputting the user name seems like a good catch

toys/posix/cp.c you are treating -p like --preserve=all not like -p which only does mode,ownership,timestamps
according to the man page -p does not copy over xattrs at all, which seems kind of odd...

toys/posix/id.c seems to lose the TOYBOX_USR flag which I think ensures it is in /usr/bin like the regular version.

this is the second case where you are using
(TOYBOX_SELINUX || TOYBOX_SMACK)
perhaps you should add a hidden symbol like TOYBOX_SECURITY that could have all the various versions || together and use that in place of doing it by hand each time for the ??_SECURITY symbol.

also you pulled the
if (CFG_TOYBOX_FREE) free(context);
up into the two if statements rather than leaving it after both like it was. It should work as a good compiler will do tail combining but just having it sitting at the end is both clearer and shorter because both cases fall through to the same code.
The lines 151-169 look like an extra string e.g. "LSM Smack Disabled" vs "SELinux Disabled" and a slight shuffling of the if statements could make that much shorter both halves seem to be almost identical...


toybox/posix/mkdir.c does the normal mkdir really reset the process label for all future use when you use -p & -Z ? should it set it back to normal when the command is done? or is that per process context that vanishes on exit?

toys/posix/mkfifo.c lost TOYBOX_USR


I could not find any way to comment on GitHub directly though.

Jim

----------------------------------------
> From: jobol at nonadev.net
> To: enh at google.com
> Date: Wed, 6 May 2015 15:27:14 +0200
> CC: toybox at lists.landley.net
> Subject: Re: [Toybox] integration of SMACK
>
> On Tuesday 05 May 2015 at 08:53 -0700, enh wrote:
>> a few comments...
>>
>>
>> +config MKNOD_SMACK
>>
>>
>> we should probably call these something more generic because we know
>> i'll be along a day later after the hard part is done adding the
>> SELinux variant :-) right now (including your patch) it looks like we
>> have TOY_SELINUX, TOY_SMACK, TOY_SECURITY, and TOY_Z all in
>> circulation. although i added TOY_Z just the other day, maybe
>> TOY_SECURITY is the best choice? anyway, if rob lets us know which he
>> prefers, it's probably helpful if we stick to one idiom.
>>
>>
>> (using SMACK at least lets me grep for stuff i need to look at, but i
>> don't know whether to use SECURITY or Z when i do.)
>
> Hi all, Hi Elliott, Hi Rob,
>
> I just made a new proposal with your remarks and using SECURITY config
> keyword for both SELINUX and SMACK.
>
> You'll find it here:
>
> https://github.com/jobol/toybox/tree/smack-8
>
> I reviewed the printing of ls and my proposal looks good. I know that
> passing the dirfd as parameter is not that good but it works well this
> way. About the problem of help for ls, it remains.
>
> Best regards
> José Bollo
>
> PS: I made a pull request for the tool stat
>
> rePS: Feel free to use github to comment on my proposal line by line
>
> rerePS: When consistent, prefixing the summary of the comment by the
> name of the tool looks good to me
>
> rererePS: Going to the wind now...
>