[Toybox] Regarding mkdir & id for smack
Rob Landley
rob at landley.net
Sun May 31 23:46:57 PDT 2015
On Mon, Jun 1, 2015 at 1:29 AM, Hyejin Kim <hj8296 at gmail.com> wrote:
> Hi.
>
> This time _mkdir_ and _id_ were verified for smack behavior.
Sorry I've been AWOL: still in Japan through the 7th. (Giving a talk
at LinuxCon Japan on thursday:
http://lccojapan2015.sched.org/event/860288ccda595208a5d7337d31c6075c#.VWv3sR-1XVN
if you're curious. :)
> -Z option of the 2 can print security label.
>
> But, there is a meager issue.
>
> 1) "toybox mkdir --help" does not display -Z option is supported
Yeah, I have a todo item for that. My help text collating
infrastructure is hiccuping, I'm not sure why yet. (Known issue, my
bad, I intend to fix it before cutting a release. Tentatively thinking
somewhere around the 15th, maybe? I need to get home and then have a
week to deal with backlog...)
> 2) "toybox id -Znr" can print something while "coreutils' id -Znr" gives
> error message.
I still haven't got a smack build environment, but I can build
selinux, and it goes:
$ ./toybox id -Znr
id: SELinux disabled
And that exited with an error code of 1.
The test is:
// This turns into "return 0" when no LSM and lets code optimize out.
static inline int lsm_enabled(void)
{
if (CFG_TOYBOX_SMACK) return !!smack_smackfs_path();
else return is_selinux_enabled() == 1;
}
So if built with SMACK and smack_smackfs_path() returns NULL, then
lsm_enabled() should return 0 and we should get the disabled message.
(I note that there's an lsm_name() function so it should say Smack
disabled instead of SELinux for you.)
Is it not doing that?
Rob
1433141217.0
More information about the Toybox
mailing list