[Toybox] integration of SMACK
José Bollo
jobol at nonadev.net
Thu May 7 07:51:43 PDT 2015
Le mercredi 06 mai 2015 à 13:19 -0700, James McMechan a écrit :
> Looking at the fixes:
>
> toys/other/stat.c for group name outputting the user name seems like a good catch
>
> toys/posix/cp.c you are treating -p like --preserve=all not like -p which only does mode,ownership,timestamps
> according to the man page -p does not copy over xattrs at all, which seems kind of odd...
>
> toys/posix/id.c seems to lose the TOYBOX_USR flag which I think insures it is in /usr/bin like the regular version.
>
> this is the second case where your are using
> (TOYBOX_SELINUX || TOYBOX_SMACK)
> perhaps you should add a hidden symbol like TOYBOX_SECURITY that could have all the various versions || together and use that in place of doing it by hand each time for the ??_SECURITY symbol.
>
> also you pulled the
> if (CFG_TOYBOX_FREE) free(context);
> up into the two if statements rather leaving it after both like it was. It should work as a good compiler will do tail combining but just having it sitting at the end is both clearer and shorter because both cases fall through to the same code.
> The lines 151-169 look like a extra string e.g. "LSM Smack Disabled" vs "SELinux Disabled" and a slight shuffling of the if statements could make that much shorter both halves seem to be almost identical...
>
>
> toybox/posix/mkdir.c does the normal mkdir really reset the process label for all future use when you use -p & -Z ? should it set it back to normal when the command is done? or is that per process context that vanishes on exit?
>
>
>
> toys/posix/mkfifo.c lost TOYBOX_USR
>
>
> I could not find any way to comment on git hub directly though.
>
> Jim
(snip)
Hello,
>From your comments, I made big changes that can be seen here
https://github.com/jobol/toybox/tree/smack-9
It introduces the files lib/security.[ch] to coalesce security stuff, as
was suggested Elliott.
It also introduce SECURITY_(NONE|SMACK|SELINUX) macros... To be
discussed I think.
It also fix some bugs that I found.
Remains 2 problems:
- the cp -p that I want to fix now
- the good alignment of special files in ls
Thank you again for the review
Best regards
José Bollo
1431010303.0
More information about the Toybox
mailing list