On mer, 2014-01-29 at 09:41 -0800, Leibowitz, Michael wrote: > On Fri, Jan 24, 2014 at 9:26 AM, Schaufler, Casey > <[email protected]> wrote: > > Let me go just a tiny bit further. For "regular" logins (not root) the home > > directory should always be User. At least until Multi-user is sufficiently > > solid that we start thinking about giving each user their own Smack domain. > > I don't expect that to happen soon. The only exception will be root logins. > > When you log in as root you are expected to know what you're doing. > > Further, whatever Smack label you get (floor, System or User) is not going > > to be right for what you want to do about 2/3 of the time. > > > > So why not set the Smack label for ssh sessions to be User in all cases? > > That will be right for all non-root logins and for 1/3 of root logins. The > > root logins will be wrong 2/3 of the time regardless. > > I replaced most of my code with: > if (smack_enabled) > set_label("User") > > It appears to work and is a substantial reduction in code.
I believe you!) > While I > think this might not be perfect for the future, it does appear to work > now and is simple. Let's ship it that way for now and then when life > becomes more complicated, settle on the homedir xattr vs explicit > configuration and user creation<->label mapping. That is a pleasing roadmap. > Agreed? yes but someone else has to approve Best regards José > > Cheers > _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
