Hello Mr. Schaufler,

I can see that currently smack-tools doesn't support bring-up mode rules.

Generally smackload doesn't allow rwxalb access. And I can see that in sources ACCESS_TYPE_B is not present... Is that intended (I know that you dislike any kind of "permissive-like" mode)?

If no, is that possible for me to contribute, and send the proposal for this for review (If gerrit is available for the project)? https://github.com/smack-team/smack.git

Kind Regards Jacek Wywrót On 03.04.2019 18:26, Casey Schaufler wrote: > On 4/2/2019 11:52 PM, Wywrót Jacek wrote: >> Hello Mr Schaufler, >> >> I'm fighting with SMACK integration, actually this is the stage when >> I'm close to the decision, SMACK or SELinux. >> Currently I'm in favour of SMACK, though I have some problems in >> recognizing what is done automatically, and what is not. > > There are currently two major projects using Smack: > > https://www.automotivelinux.org/ >     Automotive Grade Linux is a Linux Foundation project. It uses the > Yocto Project >     build system. > > https://www.tizen.org/ >     Tizen is Samsung's embedded OS. It is used in cameras, TVs and a > variety of >     other consumer devices. > >> Could you please help to figure out if the//etc/smack/user/  file is >> parsed automatically somehow >> to label newly started processes (or maybe should be handled by >> custom script, or elsewhere)? >> This is actually nothing I could observe (nothing seems to be done >> automatically). > > I'm afraid that I have not done a good job cleaning out obsolete > documentation. > There are currently no supported utilities that use /etc/smack/user. > The current > Smack userspace libraries and utilities are found at: > > https://github.com/smack-team/smack.git > >> >> I tried to add following entry to the file (/etc/smack/user): >> /jacek restricted////1013 //restricted///Then I rebooted the system, >> started shell with: >> /su jacek/ >> >> and started test script: >> /test_loop.sh/ >> >> What I can see when running/ps -axZ/  is: >> /_ 623 ? S 0:00 ash ./test_loop_.sh////_ 628 ? S 0:00 sleep 1/ >> >> >> I should add I run embedded Linux kernel 4.19.1 with SMACK enabled. >> >> I was looking for the answer >> athttps://www.kernel.org/doc/Documentation/security/Smack.txt and >> http://schaufler-ca.com/description_from_the_linux_source_tree, but >> I don't find any clear statement. >> >> I would appreciate short explanation, or pointing right manual :) > > I suggest that the AGL documentation and Tizen Wiki are good > sources. I am also happy to answer other questions you may have. > > > W związku z wejściem w życie przepisów Ogólnego Rozporządzenia o Ochronie Danych Osobowych (tzw. RODO), BURY Sp. z o.o. z siedzibą w Mielcu, spełniając swój ustawowy obowiązek, umożliwia Państwu zapoznanie się z informacjami dotyczącymi przetwarzania Państwa danych osobowych przez BURY Sp. z o.o. Podstawowe informacje: 1. Administratorem danych osobowych jest BURY Sp. z o. o. z siedzibą w Mielcu, będąca stroną łączącej nas z Państwem (podmiotem, w którym Państwo są zatrudnieni, z którym współpracujecie, którego jesteście wspólnikami lub reprezentantami etc.) umowy lub podmiotem, z którym nawiązany został kontakt. 2. W każdym czasie mogą Państwo poprosić o dostęp do swoich danych, ich poprawienie, usunięcie lub ograniczenie przetwarzania. Wszystkie przysługujące Państwu prawa znajdują się na tej stronie https://www.bury.com/pl/dzialalnosc/info/rodo/. W celu realizacji powyższych uprawnień prosimy o kontakt na adres rodo(a)bury.com. 3. Państwa dane osobowe przetwarzane są głównie w celu nawiązania lub zachowania współpracy, wykonania umowy. 4. Więcej na ten temat mogą Państwo przeczytać tutaj <https://www.bury.com/pl/dzialalnosc/info/rodo/> Following the entry into force of the General Data Protection Regulation (so-called GDPR), BURY Sp. z o.o. based in Mielec, fulfilling its statutory duty, enables you to become familiar with the information concerning the processing of your personal data by BURY Sp. z o.o. Basic information: 1. BURY Sp. z o. o. based in Mielec is the administrator of personal data and a party (entity, you are employed in, you cooperate with, you are a partner or a representative of, etc.) to the agreement concluded with you, or the entity with which the contact has been established. 2. At any time, you can ask for access to your data, their rectification, deletion or limitation of their processing. All the rights you are entitled to can be found on this website https://www.bury.com/en/business/info/gdpr/. In order to exercise the above rights, please contact us at rodo(a)bury.com. 3. Your personal data are processed mainly in order to establish or maintain cooperation, perform an agreement. 4. More details on this topic can be found here <https://www.bury.com/en/business/info/gdpr/>;.