[PATCH] --secontext: Implement displaying of expected context upon mismatch

Dmitry V. Levin ldv at altlinux.org
Mon Dec 6 20:10:17 UTC 2021


On Mon, Dec 06, 2021 at 08:46:09PM +0100, Renaud Métrich wrote:
> On 12/6/21 15:44, Dmitry V. Levin wrote:
> > Let's say that --secontext means --secontext=type, "full" includes "type"
> > so that --secontext=full engulfs --secontext=type, "mismatch" is not
> > included into "full" so one would have to use --secontext=full,mismatch.
> That's already the case, full == the full context, but no mismatch check.
> > As a side effect of using qualify_tokens(), there would be
> > --secontext=none disabling the whole thing, and --secontext=all enabling
> > all bits including all future bits.
> >
> > Does this make sense?
> >
> OK I get it.
> 
> What about having the mismatched context be printed after a double
> exclamation mark "!!"?
> 
> Are you ok with this?

What are the symbols we're choosing from?
Are there any symbols that cannot be returned by getfilecon/getpidcon?


-- 
ldv

