On 11/11/2014 04:10 AM, Lennart Poettering wrote:
> On Tue, 11.11.14 00:43, WaLyong Cho (walyong@samsung.com) wrote:
>
>> On 11/10/2014 10:26 PM, Lennart Poettering wrote:
>>> On Fri, 07.11.14 10:03, Casey Schaufler (ca...@schaufler-ca.com) wrote:
>>>
Calling it SmackLabel= instead of Sma
On Tue, 11.11.14 00:43, WaLyong Cho (walyong@samsung.com) wrote:
> On 11/10/2014 10:26 PM, Lennart Poettering wrote:
> > On Fri, 07.11.14 10:03, Casey Schaufler (ca...@schaufler-ca.com) wrote:
> >
> >> Calling it SmackLabel= instead of SmackLabelExec= would be fine as
> >> far as I'm concerne
On 11/10/2014 10:26 PM, Lennart Poettering wrote:
> On Fri, 07.11.14 10:03, Casey Schaufler (ca...@schaufler-ca.com) wrote:
>
>> Calling it SmackLabel= instead of SmackLabelExec= would be fine as
>> far as I'm concerned. SmackLabel= is more consistent with SELinuxContext=
>> and AppArmorProfile=,
On Fri, 07.11.14 10:03, Casey Schaufler (ca...@schaufler-ca.com) wrote:
> Calling it SmackLabel= instead of SmackLabelExec= would be fine as
> far as I'm concerned. SmackLabel= is more consistent with SELinuxContext=
> and AppArmorProfile=, as you point out.
OK!
WaLyong, let's name it SmackLabel
On 11/10/2014 08:57 PM, Simon McVittie wrote:
> On 09/11/14 02:08, Casey Schaufler wrote:
>> Thus, dbus is a fine example where SMACK64EXEC is a bad idea. Because you
>> want a system bus and a user bus with different attributes you want it to get
>> the Smack label at launch time, just like you do
On 09/11/14 02:08, Casey Schaufler wrote:
> Thus, dbus is a fine example where SMACK64EXEC is a bad idea. Because you
> want a system bus and a user bus with different attributes you want it to get
> the Smack label at launch time, just like you do for UID and capability sets.
I think there's a mu
On 11/9/2014 5:56 AM, WaLyong Cho wrote:
> On 11/08/2014 01:36 AM, Lennart Poettering wrote:
>> On Fri, 07.11.14 15:43, WaLyong Cho (walyong@samsung.com) wrote:
>>
>>> On 11/07/2014 09:35 AM, Lennart Poettering wrote:
On Fri, 07.11.14 04:17, WaLyong Cho (walyong@gmail.com) wrote:
On 11/08/2014 01:36 AM, Lennart Poettering wrote:
> On Fri, 07.11.14 15:43, WaLyong Cho (walyong@samsung.com) wrote:
>
>> On 11/07/2014 09:35 AM, Lennart Poettering wrote:
>>> On Fri, 07.11.14 04:17, WaLyong Cho (walyong@gmail.com) wrote:
>>>
SMACK64
Used to make access contro
On 11/6/2014 10:43 PM, WaLyong Cho wrote:
> On 11/07/2014 09:35 AM, Lennart Poettering wrote:
>> On Fri, 07.11.14 04:17, WaLyong Cho (walyong@gmail.com) wrote:
>>
>>> SMACK64
>>> Used to make access control decisions. In almost all cases
>>> the label given to a new filesystem object wi
On 11/7/2014 8:36 AM, Lennart Poettering wrote:
> On Fri, 07.11.14 15:43, WaLyong Cho (walyong@samsung.com) wrote:
>
>> On 11/07/2014 09:35 AM, Lennart Poettering wrote:
>>> On Fri, 07.11.14 04:17, WaLyong Cho (walyong@gmail.com) wrote:
>>>
SMACK64
Used to make access control d
On Fri, 07.11.14 15:43, WaLyong Cho (walyong@samsung.com) wrote:
> On 11/07/2014 09:35 AM, Lennart Poettering wrote:
> > On Fri, 07.11.14 04:17, WaLyong Cho (walyong@gmail.com) wrote:
> >
> >> SMACK64
> >> Used to make access control decisions. In almost all cases
> >> the label giv
On 11/07/2014 09:35 AM, Lennart Poettering wrote:
> On Fri, 07.11.14 04:17, WaLyong Cho (walyong@gmail.com) wrote:
>
>> SMACK64
>> Used to make access control decisions. In almost all cases
>> the label given to a new filesystem object will be the label
>> of the process that cr
On Fri, 07.11.14 04:17, WaLyong Cho (walyong@gmail.com) wrote:
> SMACK64
> Used to make access control decisions. In almost all cases
> the label given to a new filesystem object will be the label
> of the process that created it.
> SMACK64EXEC
> The Smack label of a pr
On 11/07/2014 03:30 AM, Lennart Poettering wrote:
> On Fri, 07.11.14 03:18, WaLyong Cho (walyong@gmail.com) wrote:
>
>> On 11/06/2014 11:54 PM, Lennart Poettering wrote:
>>> On Tue, 04.11.14 17:35, WaLyong Cho (walyong@samsung.com) wrote:
>>>
In case of systemd has "_" label and run a
On Fri, 07.11.14 03:18, WaLyong Cho (walyong@gmail.com) wrote:
> On 11/06/2014 11:54 PM, Lennart Poettering wrote:
> > On Tue, 04.11.14 17:35, WaLyong Cho (walyong@samsung.com) wrote:
> >
> >> In case of systemd has "_" label and run as root, if a service file
> >> has "User=" option and
On 11/06/2014 11:54 PM, Lennart Poettering wrote:
> On Tue, 04.11.14 17:35, WaLyong Cho (walyong@samsung.com) wrote:
>
>> In case of systemd has "_" label and run as root, if a service file
>> has "User=" option and the command line file has a special SMACK label
>> then systemd will fail to e
On Tue, 04.11.14 17:35, WaLyong Cho (walyong@samsung.com) wrote:
> In case of systemd has "_" label and run as root, if a service file
> has "User=" option and the command line file has a special SMACK label
> then systemd will fail to execute the command. Generally, SMACK label
> is ignored f
In case of systemd has "_" label and run as root, if a service file
has "User=" option and the command line file has a special SMACK label
then systemd will fail to execute the command. Generally, SMACK label
is ignored for the root. But if a service has a "User=" then systemd
will call setresuid()