It was <2014-02-19 śro 16:06>, when Lennart Poettering wrote: > On Wed, 19.02.14 15:44, Łukasz Stelmach ([email protected]) wrote: > >> > Also, please move the #ifdef HAVE_SMACK checks inside of this function >> > and make it a NOP on non-SMACK builds. That way we only have one #ifdef >> > check for this and not one for each invocation of the function. The >> > compiler should be smart away to suppress the function if it empty. >> >> I am not sure about that. If we want smack_relabel_in_dev() to return a >> value and call it from label_fix() >> >> --8<---------------cut here---------------start------------->8--- >> int label_fix(const char *path, bool ignore_enoent, bool ignore_erofs) { >> int r = 0; >> >> #ifdef HAVE_SELINUX >> [...] >> #endif >> smack_relabel_in_dev(path); >> >> return r; >> } >> --8<---------------cut here---------------end--------------->8--- >> >> then it seems better to write >> >> --8<---------------cut here---------------start------------->8--- >> #elif defined(HAVE_SMACK) >> r = smack_relabel_in_dev(path); >> #endif >> --8<---------------cut here---------------end--------------->8--- >> >> and be able to add support for a yet undetermined security framework >> below assuming systemd can have support for only one fw compiled in. How >> to have support for more than one security fw reasonably compiled in? (I >> think this is the moment to create the pattern). > > Well, the other option is to simply place the smack relabelling code > directly in label_fix(), which would map 1:1 what we do for selinux.
Not really because smack_relabel_in_dev() is called in a few other places below too. -- Łukasz Stelmach Samsung R&D Institute Poland Samsung Electronics
pgprNC41pbxwl.pgp
Description: PGP signature
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
