cschaufler / smack-next Goto Github PK

vm-gentoo-smack / # mkdir /tmp/test   <==(this is a zfs filesystem)
vm-gentoo-smack / # cd /tmp/test
vm-gentoo-smack /tmp/test # chsmack -a dir_label .
vm-gentoo-smack /tmp/test # chsmack .
. access="dir_label"

vm-gentoo-smack /tmp/test # echo "process_label dir_label wx" | smackload
vm-gentoo-smack /tmp/test # echo process_label >/proc/self/attr/current
vm-gentoo-smack /tmp/test # cat /proc/self/attr/current
process_label

vm-gentoo-smack /tmp/test # touch file1
vm-gentoo-smack /tmp/test # mkdir dir1
vm-gentoo-smack /tmp/test # chsmack
dir1 access="_"
file1 access="_"
**** As you can see, it is being set to "floor" instead of "process_label"

**** Now I'll test transmute


vm-gentoo-smack /tmp/test # rm file*
vm-gentoo-smack /tmp/test # rmdir dir*

vm-gentoo-smack /tmp/test # chsmack -t .
vm-gentoo-smack /tmp/test # chsmack .
. access="dir_label" transmute="TRUE"

vm-gentoo-smack /tmp/test # echo "process_label dir_label wxt" | smackload
vm-gentoo-smack /tmp/test # touch file2
vm-gentoo-smack /tmp/test # mkdir dir2
vm-gentoo-smack /tmp/test # chsmack
./dir1 access="_"
./dir2 access="_"
./file1 access="_"
./file2 access="_"
**** As you can see, it is still being set to "floor" instead of transmutating

**** Thinking this may be a ZFS issue, I ran the same tests on a new tmpfs filesystem

vm-gentoo-smack /tmp/test # cd /var/tmp
vm-gentoo-smack /var/tmp # mkdir tmpfs
vm-gentoo-smack /var/tmp # mount -ttmpfs tmpfs tmpfs
vm-gentoo-smack /var/tmp # cd tmpfs
vm-gentoo-smack /var/tmp/tmpfs # df -h .
Filesystem      Size  Used Avail Use% Mounted on
tmpfs           4.9G     0  4.9G   0% /var/tmp/tmpfs

vm-gentoo-smack /var/tmp/tmpfs # mkdir test
vm-gentoo-smack /var/tmp/tmpfs # chsmack -a dir_label test
vm-gentoo-smack /var/tmp/tmpfs # chsmack
./test access="dir_label"

vm-gentoo-smack /var/tmp/tmpfs # cd test
vm-gentoo-smack /var/tmp/tmpfs # echo "process_label dir_label wx" | smackload
vm-gentoo-smack /var/tmp/tmpfs/test # touch file1
vm-gentoo-smack /var/tmp/tmpfs/test # mkdir dir1
vm-gentoo-smack /var/tmp/tmpfs/test # chsmack
./dir1 access="process_label"
./file1 access="process_label"
**** Now it is properly inheriting the "process_label"

**** Test transmutation now

vm-gentoo-smack /var/tmp/tmpfs/test # chsmack -t .
vm-gentoo-smack /var/tmp/tmpfs/test # echo "process_label dir_label wxt" | smackload
vm-gentoo-smack /var/tmp/tmpfs/test # touch file2
vm-gentoo-smack /var/tmp/tmpfs/test # mkdir dir2
vm-gentoo-smack /var/tmp/tmpfs/test # chsmack
./dir2 access="dir_label" transmute="TRUE"
./file2 access="process_label"
**** Transmutation is properly working as well

**** This got me thinking about ZFS and the 3 different settings for 'xattr'
**** In the first case above, it is set to: 'xattr=sa'
**** For this test, I created a new zfs filesystem '/tmp2' and set 'xattr=on'

vm-gentoo-smack /var/tmp/tmpfs/test # cd /
vm-gentoo-smack / # zfs create -oxattr=on zpool/ROOT/tmp2
vm-gentoo-smack / # findmnt tmp2
TARGET SOURCE          FSTYPE OPTIONS
/tmp2  zpool/ROOT/tmp2 zfs    rw,noatime,xattr,posixacl

vm-gentoo-smack / # cd tmp2
vm-gentoo-smack /tmp2 # echo "process_label dir_label wx" | smackload
vm-gentoo-smack /tmp2 # mkdir test
vm-gentoo-smack /tmp2 # cd test
vm-gentoo-smack /tmp2/test # chsmack -a dir_label .
vm-gentoo-smack /tmp2/test # chsmack
vm-gentoo-smack /tmp2/test # chsmack .
. access="dir_label"

vm-gentoo-smack /tmp2/test # touch file1
vm-gentoo-smack /tmp2/test # mkdir dir1
vm-gentoo-smack /tmp2/test # chsmack
./dir1 access="_"
./file1 access="_"

vm-gentoo-smack /tmp2/test # chsmack -t .
vm-gentoo-smack /tmp2/test # echo "process_label dir_label wxt" | smackload
vm-gentoo-smack /tmp2/test # chsmack .
. access="dir_label" transmute="TRUE"

vm-gentoo-smack /tmp2/test # touch file2
vm-gentoo-smack /tmp2/test # mkdir dir2
vm-gentoo-smack /tmp2/test # chsmack .
. access="dir_label" transmute="TRUE"

vm-gentoo-smack /tmp2/test # chsmack
./dir1 access="_"
./dir2 access="_"
./file2 access="_"
./file1 access="_"
****  Same behavior as the first test case above