How to set the label to some files or directories when system boot up #134
Comments
|
SELinux uses a utility to initialize labels at system boot. On a system
that uses systemd this is selinux-autorelabel.service. For a smack
system that uses systemd you will want to follow that example. What
system are you targeting?
…On 12/4/2022 7:06 PM, xdsb wrote:
How to set the label to some files or directories automatically when
system boot up ? not like using the smack-util tool chsmack "chsmack
-a 'attr' file" in terminal after linux system boot up. Just like
setting file_contexts in SELINUX
Thank you.
—
Reply to this email directly, view it on GitHub
<#134>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJ5L7H3SL6SHYKUXHOMGUDWLVL25ANCNFSM6AAAAAASTYKKBY>.
You are receiving this because you are subscribed to this
thread.Message ID: ***@***.***>
|
|
smack with systemd, and I want to set smack labels for some files and directories in the rootfs so that the labels would be set at a system boot automatically, just likeing using make_ext4fs with option -S file_contexts to set labels in SElinux when making rootfs img, |
|
Unfortunately, the authors of make_ext4fs made it SELinux specific. It
would not be difficult to add support for extended attributes in
general, or just for Smack.
…On 12/5/2022 7:27 PM, xdsb wrote:
smack, and I want to set smack labels for some files and directories
in the rootfs so that the labels would be set at boot up
automatically, just liking using make_ext4fs with option -S
file_contexts to set labels in SElinux when making rootfs img,
could I also set smack labels by this way?
—
Reply to this email directly, view it on GitHub
<#134 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJ5L7DHOHHTK4VA4DOCH6TWL2XC7ANCNFSM6AAAAAASTYKKBY>.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
OKay,,thank you for your reply. |
|
Are you using systemd? If not, what are you using from system management?
…On 12/6/2022 7:55 AM, xdsb wrote:
OKay,,thank you for your reply.
So,how to set smack labels to files or directories at system boot up?
—
Reply to this email directly, view it on GitHub
<#134 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJ5L7AFZWJHUZWRTVPHH3DWL5OXLANCNFSM6AAAAAASTYKKBY>.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
Yeah,we use systemd as system management. |
|
An example of an implementation of Smack initialization can be found:
https://gerrit.automotivelinux.org/gerrit/gitweb?p=AGL/meta-agl.git;a=tree;f=meta-security/recipes-core/systemd/systemd;h=919d2aa051b7b5c44988c38ada15153e9912f23a;hb=refs/changes/23/18823/4
…On 12/6/2022 8:04 AM, xdsb wrote:
Yeah,we use systemd as system management.
—
Reply to this email directly, view it on GitHub
<#134 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJ5L7DA5BLZGJI7TU2QIS3WL5PXJANCNFSM6AAAAAASTYKKBY>.
You are receiving this because you commented.Message ID:
***@***.***>
|
|
When using yocto, some of the labelling made in post install of packets are managed using In my opinion, you are looking for a tool that based on some predefined rules enforce smack labels on files. A such official Smack's tool doesn't exist, AFAIK. |
|
yeah,@jobol, we just want to set labels to files or directories in the rootfs at system boot or set labels at making rootfs image just like "make_ext4fs -S file_context" in Selinux, |
How to set the label to some files or directories automatically when system boot up ? not like using the smack-util tool chsmack "chsmack -a 'attr' file" in terminal after linux system boot up. Just like setting file_contexts in SELINUX
Thank you.
The text was updated successfully, but these errors were encountered: