On Tue, Oct 30, 2012 at 2:56 PM, Lennart Poettering <[email protected]> wrote:
> On Mon, 29.10.12 20:17, Kok, Auke-jan H ([email protected]) wrote:
>> yes, you can detect it by reading /proc/filesystems and checking for
>> "smackfs", and if mounted, that it's enabled.
>
> Hmm, I think it's a good idea to mount all API VFS that are around,
> regardless whether the subsystem they are used for is actually really
> enabled. Isn't there a nicer way how to detect whether a SMACK policy is
> actually loaded?

I started looking at it this morning during a meeting and this looks easy enough to enable early on, and well worth doing. It's taking the code from smackctl (which is LGPLv2... so, should be totally fine) and dropping it in just like setup-ima|selinux.

There is no "master ON" switch in SMACK (it is always on if compiled enabled). But you can check if "/smack/load" contains data. If there are 0 bytes in it, no rules were loaded. fopen()+feof() should suffice, I think.

>> bootchart first though, grrr ;^)
>
> Haven't forgotten that, will look into it soon. Promised!

Not something you need to do - I need to implement the proverbial "bootchart=<boolean>" in /etc/systemd/system.conf and finish up the initial patch, which is something I think we should really add before we merge the code. Plus finish man pages, fix the doc references etc.. In general, make it look better. Probably convert it to systemd coding style, as it's using tabs right now.

I just need to find some time. If only had a vacation coming soon.... ;^)

Auke
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
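The two checks discussed in this thread (is "smackfs" listed in /proc/filesystems, and does /smack/load hold any data), sketched in C as an added example that is not part of the original message and is not code from systemd or smackctl. The function names `fs_listed` and `smack_rules_loaded` are hypothetical; the two paths are the ones named in the thread. Since feof() only reports end-of-file after a read has been attempted, the example reads one byte before testing it.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if fs_name appears in a /proc/filesystems-style file, 0 if not,
 * -1 if the file cannot be opened. Lines look like "nodev\tsmackfs". */
int fs_listed(const char *path, const char *fs_name)
{
    char line[256];
    int found = 0;
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    while (!found && fgets(line, sizeof line, f)) {
        line[strcspn(line, "\n")] = '\0';
        /* The filesystem name is the last tab-separated field. */
        const char *name = strrchr(line, '\t');
        name = name ? name + 1 : line;
        found = strcmp(name, fs_name) == 0;
    }
    fclose(f);
    return found;
}

/* Return 1 if the rule file holds at least one byte, 0 if it is empty,
 * -1 if it cannot be opened or read (not mounted, no permission). */
int smack_rules_loaded(const char *load_path)
{
    FILE *f = fopen(load_path, "r");
    if (!f)
        return -1;
    /* feof() is only set once a read has hit end-of-file, so read first. */
    int c = fgetc(f);
    int result = (c != EOF) ? 1 : (feof(f) ? 0 : -1);
    fclose(f);
    return result;
}

/* Stand-alone run against the paths named in the thread. */
int main(void)
{
    printf("smackfs listed: %d\n", fs_listed("/proc/filesystems", "smackfs"));
    printf("rules loaded:   %d\n", smack_rules_loaded("/smack/load"));
    return 0;
}
```

Keeping "cannot open" (-1) distinct from "empty" (0) lets the caller tell an unmounted smackfs apart from a mounted one with no rules loaded.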
