[Dev] Gumd and security-manager integration
jussi.laako at linux.intel.com
Thu Oct 9 11:29:01 GMT 2014
On 8.10.2014 19:08, Dominig ar Foll (Intel OTC) wrote:
> As someone need to decide, I "propose" to call gumd from the security
> manager for user creation and removal. Login and Logoff are not
> concerned and will remain direct call to gumd
I just don't see the point of layering vs using gumd scripts. For the
login/logoff actions you'd anyway need to provide necessary scripts.
> please sync with Jussi on this mailing list on the best way to
> encapsulate user creation and provide the right label to the various
> files and directories.
We are setting smack permissions already on the home directory. Any
other directory needs to be handled through those hook scripts.
> In that mode user creation should be done by direct call to useradd as
> no one would be listening to the gumd notifications.
This is something I'd object against, because then user creation would
be handled in a different way and you don't get the hook scripts called.
You'd need to always consider two distinct user creation paths.
gumd notifications are irrelevant in this sense, I guess nobody is using
those for anything at the moment anyway.
More information about the Dev