> -----Original Message----- > From: Lennart Poettering [mailto:[email protected]] > Sent: Tuesday, October 30, 2012 3:47 PM > To: Schaufler, Casey > Cc: Kok, Auke-jan H; [email protected] > Subject: Re: [PATCH] SMACK: Add configuration options. (v3) > > On Tue, 30.10.12 22:35, Schaufler, Casey ([email protected]) > wrote: > > > > Hmm, I think it's a good idea to mount all API VFS that are around, > > > regardless whether the subsystem they are used for is actually > > > really enabled. Isn't there a nicer way how to detect whether a > > > SMACK policy is actually loaded? > > > > Unlike some other security systems, Smack does not do Bad Things when > > there is no "policy" loaded. The out-of-the-box behavior, with no > > configuration, actually is rational in some situations. > > Well, be that as it may, people might still want to known whether there > is a policy loaded and SMACK fully setup and initialized. Is there a > way to find that out?
Running "wc -l" and looking for a non-zero result should do the trick. (BTW: "Smack" is preferred to "SMACK") > > Lennart > > -- > Lennart Poettering - Red Hat, Inc. _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
