[Dev] Smack aware softwares
jose.bollo at eurogiciel.fr
Thu Dec 12 15:05:06 GMT 2013
Some colleagues and me have noted that editing a file with 'vi' may
change its security.SMACK64 access label (if your are root for
It comes from the 'vi' that isn't aware of Smack. A brief look into its
sources allow to conclude that 'vi' is aware of SELINUX but not of
Smack. So it will be easy to just adapt the small SELINUX part of 'vi'
to handle Smack. But it reaches the question of the autotools. Is there
any macro for the autotools? I'm seeing some in coreutils.
Further, we looked at what are the tools that must carefully handle
Smack. Many work have be done.
- ls -Z shows the access property of files
- id -Z prints the current context
- mkdir -Z set created directories access
- cp --preserve=all|xattr copies Smack properties
- rsync -X preserve extended attributes
We are also finding that 'tar' isn't aware of extended attribute. It
isn't sure to preserve extended attribute in normal exchanges. But for
backups, it is merely usefull.
So on the short list of what have to be Smack aware, we have VI and
More information about the Dev