Re: [PATCH 1/6] id: correct document about its security context option
From: Pádraig Brady
Subject: Re: [PATCH 1/6] id: correct document about its security context option
Date: Thu, 16 Jan 2014 12:17:56 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130110 Thunderbird/17.0.2

On 01/16/2014 04:44 AM, Chengwei Yang wrote:
> In both SELinux and SMACK environments, 'id -Z' reports the security
> context of the current process, the id process, rather than the security
> context of the current user.
> ---
> doc/coreutils.texi | 2 +-
> src/id.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/doc/coreutils.texi b/doc/coreutils.texi
> index 9a19cfa..6b7194a 100644
> --- a/doc/coreutils.texi
> +++ b/doc/coreutils.texi
> @@ -14564,7 +14564,7 @@ Print only the user ID.
> @cindex SELinux
> @cindex security context
> Print only the security context of the current user.

I'll change the above mention of "current user"
to also mention 'process'.
Some examples for my own reference:

  $ id -Z
  unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
  $ ps -ocontext= -p $$
  unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
  $ runcon 'root:object_r:tmp_t:s0' id -Z
  root:object_r:tmp_t:s0

> -If SELinux is disabled then print a warning and
> +If both SELinux and SMACK are disabled then print a warning and
> set the exit status to 1.
>
> @item -z
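
Review bot: the context line "Print only the security context of the current user." at the top of this hunk is left unchanged, so the manual still describes -Z in terms of the user while the commit message and the src/id.c usage string describe the process's context. Change that sentence in the same patch, for example to "Print only the security context of the current process.", so the Texinfo entry and --help agree. The replaced sentence now names SMACK, but the two @cindex entries visible here cover only "SELinux" and "security context"; consider adding a SMACK index entry as well.
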
> diff --git a/src/id.c b/src/id.c
> index 803c360c..1007eb2 100644
> --- a/src/id.c
> +++ b/src/id.c
> @@ -89,7 +89,7 @@ or (when USER omitted) for the current user.\n\
> stdout);
> fputs (_("\
> -a ignore, for compatibility with other versions\n\
> - -Z, --context print only the security context of the current user\n\
> + -Z, --context print only the security context of the current process\n\

So this is a little ambiguous. In the SMACK64EXEC edge case,
is the current process referring to the id process or the
process it's being run from?

  -Z, --context print only the security context inherited by the process

> -g, --group print only the effective group ID\n\
> -G, --groups print all group IDs\n\
> -n, --name print a name instead of a number, for -ugG\n\
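
Review bot: the usage text kept as context in this hunk's header ("or (when USER omitted) for the current user") still frames the output as being about USER, while the new -Z line describes a process, so --help does not say how -Z relates to a USER argument. State that in the -Z description or next to the header sentence, and name the process as id itself, as the commit message does, so the help text cannot be read as the user's or the invoking shell's context.
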
thanks,
Pádraig.
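
The point made in this message, that the label printed belongs to the process itself, shown as an added example that is not part of the original mail or of coreutils: it reads the calling process's own label from /proc/self/attr/current and splits an SELinux context like the ones quoted above into its fields. The struct and function names are hypothetical, and the code does not reproduce how id obtains the context.

```c
#include <stdio.h>
#include <string.h>

struct ctx_fields { char user[64], role[64], type[64], range[128]; };
/* Copy len bytes into dst; -1 if the field is empty or does not fit. */
static int copy_field(char *dst, size_t cap, const char *src, size_t len)
{
    if (len == 0 || len >= cap) return -1;
    return snprintf(dst, cap, "%.*s", (int)len, src) < 0 ? -1 : 0;
}

/* Illustrative, not coreutils code. Splits "user:role:type[:range]" on the
   first three ':' only, as "s0-s0:c0.c1023" has its own. 0 ok, -1 malformed. */
int split_selinux_context(const char *ctx, struct ctx_fields *f)
{
    const char *c1 = strchr(ctx, ':');
    const char *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
    const char *c3 = c2 ? strchr(c2 + 1, ':') : NULL;   /* NULL: no range */
    if (!c2) return -1;
    size_t tlen = c3 ? (size_t)(c3 - c2 - 1) : strlen(c2 + 1);
    f->range[0] = '\0';
    if (copy_field(f->user, sizeof f->user, ctx, (size_t)(c1 - ctx)) ||
        copy_field(f->role, sizeof f->role, c1 + 1, (size_t)(c2 - c1 - 1)) ||
        copy_field(f->type, sizeof f->type, c2 + 1, tlen))
        return -1;
    return c3 ? copy_field(f->range, sizeof f->range, c3 + 1, strlen(c3 + 1)) : 0;
}

/* Calling process's label from /proc/self/attr/current; length, or -1 if none. */
int read_self_label(char *buf, size_t cap)
{
    FILE *fp = fopen("/proc/self/attr/current", "r");
    if (!fp) return -1;
    size_t n = fread(buf, 1, cap - 1, fp);
    fclose(fp);
    while (n > 0 && (buf[n - 1] == '\n' || buf[n - 1] == '\0')) n--;
    buf[n] = '\0';
    return n ? (int)n : -1;
}

int main(void)
{
    char label[256];
    struct ctx_fields f;
    if (read_self_label(label, sizeof label) < 0) return 1;   /* no label */
    printf("this process: %s\n", label);
    if (split_selinux_context(label, &f) == 0)   /* a SMACK label has no fields */
        printf("type=%s range=%s\n", f.type, f.range);
    return 0;
}
```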