-----Original Message----- From: Lennart Poettering [mailto:[email protected]] Sent: Thursday, June 20, 2013 10:08 PM To: Reshetova, Elena
On Wed, 19.06.13 12:09, Reshetova, Elena ([email protected]) wrote: > >>>> This is the patch for review for enabling smack labelling for > >>>> device > nodes. > >>>> > >>>> The functionality and reasoning is inside. I will be happy to > >>>> answer any questions. > >>> > >>> So, this needs some HAVE_SMACK ifdeffery at least. > >>> > >>> That said, I wonder if we should instead make this a generic > >>> XATTR{foobar}="waldo" thing. Kay? > >>> > >> > >> Any update for this? if we use SMACK for udev, it requires it. > > >Lennart's suggestion seems more than reasonable - it would make it > >generic > enough to do: > > > XATTR{security.SMACK64}="label" > > >which I think is all we need here. Elena, do you need help respinning this? > > Sorry for the silence, it seems like I totally missed these replies > (got buried in my mailbox)! > > Sure, I can make a change, but I am not exactly sure what you mean by this: > " XATTR{security.SMACK64}="label"". Adding simple HAVE_SMACK ifdeffery > is easy, but the later part I didn't really understand. >Well, we just want this to be a bit more generic. i.e. we want a generic XATTR{} concept for udev rules, so that you can set any kind of xattrs, not just the ones SMACK needs. That way we can nicely handle the SMACK case, but possibly also handle a lot of >other cases where people just want to use xattrs. Also the SMACK-specific ifdeffery then just becomes an XATTR-specific ifdeffery... Oh, now I understand and indeed makes a lot of sense. Thank you for explaining! > If it is just longer to explain it to me, Auke, you can go ahead and > make a change and I will just learn from looking into it :) > Unfortunately, I don't know systemd code well enough. >Well, you did the initial patch, right? Changing this to be this tiny bit mor expressive should be easy. But anyway, I'll let you an Auke figure this out... Actually the initial patch was done by Brian McGillion (as it says inside the patch), I was mostly just rebasing it and changing some small things since I inherited the patch maintenance. But sure, I will do the change while flying back from my trip, since now I understand what needs to be done. Best Regards, Elena
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
