On Fri, Jan 24, 2014 at 9:26 AM, Schaufler, Casey
<[email protected]> wrote:
> Let me go just a tiny bit further. For "regular" logins (not root) the home
> directory should always be User. At least until Multi-user is sufficiently
> solid that we start thinking about giving each user their own Smack domain. I
> don't expect that to happen soon. The only exception will be root logins.
> When you log in as root you are expected to know what you're doing. Further,
> whatever Smack label you get (floor, System or User) is not going to be right
> for what you want to do about 2/3 of the time.
>
> So why not set the Smack label for ssh sessions to be User in all cases? That
> will be right for all non-root logins and for 1/3 of root logins. The root
> logins will be wrong 2/3 of the time regardless.
I replaced most of my code with:
if (smack_enabled)
set_label("User")
It appears to work and is a substantial reduction in code. While I
think this might not be perfect for the future, it does appear to work
now and is simple. Let's ship it that way for now and then when life
becomes more complicated, settle on the homedir xattr vs explicit
configuration and user creation<->label mapping.
Agreed?
Cheers
--
Michael Leibowitz
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
