[Toybox] Regarding mkdir & id for smack

Rob Landley rob at landley.net
Sun May 31 23:46:57 PDT 2015


On Mon, Jun 1, 2015 at 1:29 AM, Hyejin Kim <hj8296 at gmail.com> wrote:
> Hi.
>
> This time _mkdir_ and _id_ were verified for smack behavior.

Sorry I've been AWOL: still in Japan through the 7th. (Giving a talk
at LinuxCon Japan on Thursday:
http://lccojapan2015.sched.org/event/860288ccda595208a5d7337d31c6075c#.VWv3sR-1XVN
if you're curious. :)

> -Z option of the 2 can print security label.
>
> But, there is a meager issue.
>
> 1) "toybox mkdir --help" does not display -Z option is supported

Yeah, I have a todo item for that. My help text collating
infrastructure is hiccuping, I'm not sure why yet. (Known issue, my
bad, I intend to fix it before cutting a release. Tentatively thinking
somewhere around the 15th, maybe? I need to get home and then have a
week to deal with backlog...)

> 2) "toybox id -Znr" can print something while "coreutils' id -Znr" gives
> error message.

I still haven't got a smack build environment, but I can build
selinux, and it goes:

  $ ./toybox id -Znr
  id: SELinux disabled

And that exited with an error code of 1.

The test is:

// This turns into "return 0" when no LSM and lets code optimize out.
static inline int lsm_enabled(void)
{
  if (CFG_TOYBOX_SMACK) return !!smack_smackfs_path();
  else return is_selinux_enabled() == 1;
}

So if built with SMACK and smack_smackfs_path() returns NULL, then
lsm_enabled() should return 0 and we should get the disabled message.

(I note that there's an lsm_name() function so it should say Smack
disabled instead of SELinux for you.)

Is it not doing that?

Rob
