On Tue, Oct 8, 2013 at 2:54 AM, Schaufler, Casey
<casey.schauf...@intel.com> wrote:

>> http://cgit.freedesktop.org/systemd/systemd/commit/?id=c26547d612733371494330e26c7d3604a5dba3d9
>>
>> Please check if that works for you.
>
> It's OK for devices. It won't work for files in general, as Smack
> uses multiple attributes in certain cases.

Right, the udev directive applies to kernel device nodes only; it
can't be used for any plain file.

> It won't work for any
> future LSM that uses multiple SECLABELS on a device.

The code supports lists, but there will be explicit code in udev
needed for any "future LSM" anyway, so this sounds fine, I guess.

> Yes, I have
> been requested to support multiple Smack labels on a file in
> the past. There are security semantics that could make sense.

Sounds fine. We can catch up whenever needed.

For now the udev directive matches the model we do for sockets, where
the actual xattr is hidden; that's why we wanted it for udev in a
similar fashion:
  http://cgit.freedesktop.org/systemd/systemd/tree/src/core/socket.c#n799

Kay
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel