[Dev] Smack aware softwares

José Bollo jose.bollo at eurogiciel.fr
Thu Dec 12 15:05:06 GMT 2013


Hi,

Some colleagues and me have noted that editing a file with 'vi'  may
change its security.SMACK64 access label (if your are root for
example). 

It comes from the 'vi' that isn't aware of Smack. A brief look into its
sources allow to conclude that 'vi' is aware of SELINUX but not of
Smack. So it will be easy to just adapt the small SELINUX part of 'vi'
to handle Smack. But it reaches the question of the autotools. Is there
any macro for the autotools? I'm seeing some in coreutils.

Further, we looked at what are the tools that must carefully handle
Smack. Many work have be done.
 - ls -Z      shows the access property of files
 - id -Z      prints the current context
 - mkdir -Z   set created directories access
 - cp --preserve=all|xattr  copies Smack properties
 - rsync -X   preserve extended attributes

We are also finding that 'tar' isn't aware of extended attribute. It
isn't sure to preserve extended attribute in normal exchanges. But for
backups, it is merely usefull.

So on the short list of what have to be Smack aware, we have VI and
TAR. 
* https://bugs.tizen.org/jira/browse/PTREL-542
* https://bugs.tizen.org/jira/browse/PTREL-543

Regards
José Bollo



More information about the Dev mailing list