Re: [PATCH 1/6] id: correct document about its security context option


From: Pádraig Brady
Subject: Re: [PATCH 1/6] id: correct document about its security context option
Date: Thu, 16 Jan 2014 12:17:56 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2

On 01/16/2014 04:44 AM, Chengwei Yang wrote:
> In both SELinux and SMACK environment, 'id -Z' says about the security
> context of the current process, the id process, rather than the security
> context of the current user.
> ---
>  doc/coreutils.texi |    2 +-
>  src/id.c           |    2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/doc/coreutils.texi b/doc/coreutils.texi
> index 9a19cfa..6b7194a 100644
> --- a/doc/coreutils.texi
> +++ b/doc/coreutils.texi
> @@ -14564,7 +14564,7 @@ Print only the user ID.
>  @cindex SELinux
>  @cindex security context
>  Print only the security context of the current user.

I'll change the above mention of "current user"
to also mention 'process'.

Some examples for my own reference:

$ id -Z
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ ps -ocontext= -p $$
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ runcon 'root:object_r:tmp_t:s0' id -Z
root:object_r:tmp_t:s0

> -If SELinux is disabled then print a warning and
> +If both SELinux and SMACK are disabled then print a warning and
>  set the exit status to 1.
>  
>  @item -z
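
Review bot: the context line "Print only the security context of the current user." at the top of this hunk is left unchanged, so the manual would still describe -Z as reporting the user's context while the commit message says it reports the context of the id process. Update that sentence in the same change so the texinfo entry matches the commit message and the --help wording changed in src/id.c.
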
> diff --git a/src/id.c b/src/id.c
> index 803c360c..1007eb2 100644
> --- a/src/id.c
> +++ b/src/id.c
> @@ -89,7 +89,7 @@ or (when USER omitted) for the current user.\n\
>               stdout);
>        fputs (_("\
>    -a             ignore, for compatibility with other versions\n\
> -  -Z, --context  print only the security context of the current user\n\
> +  -Z, --context  print only the security context of the current process\n\

So this is a little ambiguous. In the SMACK64EXEC edge case,
is the current process referring to the id process or the
process it's being run from?

  -Z, --context  print only the security context inherited by the process

>    -g, --group    print only the effective group ID\n\
>    -G, --groups   print all group IDs\n\
>    -n, --name     print a name instead of a number, for -ugG\n\
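
Review bot: the new -Z line says "current process", but the help header visible in this hunk's context still frames the output as being for USER or, when USER is omitted, for the current user, and nothing here says how -Z behaves when a USER argument is given. State in the option text or next to it whether -Z is accepted together with USER, so that a reader does not take the printed context to be that of the named user.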

thanks,
Pádraig.


