[Meego-security-discussion] smackutil in MeeGo

casey.schaufler at nokia.com casey.schaufler at nokia.com
Tue Apr 19 09:47:33 PDT 2011 

> ________________________________________
> From: ext Rolf Offermanns [roffermanns at sysgo.com]
> Sent: Tuesday, April 19, 2011 2:51 AM
> To: Schaufler Casey (Nokia-SD/SiliconValley)
> Cc: meego-security-discussion at lists.meego.com
> Subject: Re: [Meego-security-discussion] smackutil in MeeGo
> 
> On 04/18/2011 11:55 PM, casey.schaufler at nokia.com wrote:
> >> ________________________________________
> >> From: meego-security-discussion-bounces at lists.meego.com [meego-security-discussion-bounces at lists.meego.com] on behalf of ext Rolf Offermanns [roffermanns at sysgo.com]
> >> Sent: Monday, April 18, 2011 3:35 AM
> >> To: meego-security-discussion at lists.meego.com
> >> Subject: [Meego-security-discussion] smackutil in MeeGo
> >>
> >> Hi All,
> >>
> >> I know this is not an official package, but maybe someone can comment on
> >> this:
> >>
> >> I am running a current MeeGo trunk build
> >> (meego-netbook-ia32-1.1.99.3.20110415.89.img) with a modified (SMACK
> >> enabled) kernel. I tried various versions of the smackutil package:
> >>
> >> 1. home:caseys>  smackutil
> >> 2. devel:security:mssf>  smackutil
> >> 3. smackutil-0.1 from Caseys homepage
> >>
> >> 1. and 2. give me a "writing /smack/load: Invalid argument" error,
> >> whenever I try to load a smack rule with smackload.
> >>
> >> 3. works find with the same input.
> >>
> >> Has the rule syntax changed? Any hints?
> >
> > That is curious. Can you run smackload under strace? That will tell us exactly what it is sending.
> 
> Hi Casey,
> the OBS smackloads append a dash to the access mode:
> 
> write(3, "_                       host                    rwxa-", 53) = -1 EINVAL (Invalid argument)
> write(3, "host                    _                       rwxa-", 53) = -1 EINVAL (Invalid argument)
> 
> 
> while the version from your homepage keep the exact string from the config file:
> 
> write(3, "_                       host                    rwxa", 52) = 52
> write(3, "host                    _                       rwxa", 52) = 52
> 
> HTH,

Your kernel predates commit 5c6d1125f8dbd1bfef39e38fbc2837003be78a59
of December 7, 2010 which added support for transmuting directories. The kernel
is backward compatable with older versions of smackload, however the newer
version of smackload is not compatable with older kernels. This is annoying. I will
have a go at fixing this.

> Rolf

More information about the MeeGo-security-discussion mailing list