[systemd-devel] [PATCH] SMACK: assign * label to /tmp when using SMACK.
WaLyong Cho
walyong.cho at samsung.com
Mon Oct 28 11:44:40 CET 2013
For the same reason as for /run and /dev/shm: when systemd is running with
SMACK, countless tasks fail because of missing privileges.
To avoid this, /tmp is assigned the '*' label.
---
Makefile.am | 10 ++++++----
configure.ac | 4 +++-
units/tmp.mount | 20 --------------------
units/tmp.mount.m4 | 22 ++++++++++++++++++++++
4 files changed, 31 insertions(+), 25 deletions(-)
delete mode 100644 units/tmp.mount
create mode 100644 units/tmp.mount.m4
diff --git a/Makefile.am b/Makefile.am
index 4a96a50..6c977e8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -399,7 +399,6 @@ dist_systemunit_DATA = \
units/sys-kernel-config.mount \
units/sys-kernel-debug.mount \
units/sys-fs-fuse-connections.mount \
- units/tmp.mount \
units/printer.target \
units/sound.target \
units/bluetooth.target \
@@ -444,7 +443,8 @@ nodist_systemunit_DATA = \
units/initrd-cleanup.service \
units/initrd-udevadm-cleanup-db.service \
units/initrd-switch-root.service \
- units/systemd-nspawn at .service
+ units/systemd-nspawn at .service \
+ units/tmp.mount
dist_userunit_DATA = \
units/user/default.target \
@@ -488,12 +488,14 @@ EXTRA_DIST += \
units/initrd-cleanup.service.in \
units/initrd-udevadm-cleanup-db.service.in \
units/initrd-switch-root.service.in \
- units/systemd-nspawn at .service.in
+ units/systemd-nspawn at .service.in \
+ units/tmp.mount.m4
CLEANFILES += \
units/console-shell.service.m4 \
units/console-getty.service.m4 \
- units/rescue.service.m4
+ units/rescue.service.m4 \
+ units/tmp.mount.m4
if HAVE_SYSV_COMPAT
nodist_systemunit_DATA += \
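Review bot: `units/tmp.mount.m4` is added to `CLEANFILES` in this hunk, but the same patch creates that file as a tracked source and ships it through `EXTRA_DIST`, so `make clean` would delete it from the tree. The generated artefact is `units/tmp.mount`, so the new entry should read `units/tmp.mount`. It can be dropped altogether if `nodist_systemunit_DATA` is already cleaned elsewhere in Makefile.am, which is not visible here. The other `.m4` names in this list are presumably intermediates generated from `.m4.in` templates, which is why they belong in `CLEANFILES` and this one does not.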
diff --git a/configure.ac b/configure.ac
index 7e41d57..65268e8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -503,6 +503,8 @@ AC_SUBST(XATTR_LIBS)
AM_CONDITIONAL([HAVE_XATTR], [test "x$have_xattr" != xno])
# ------------------------------------------------------------------------------
+M4_DEFINES=
+
AC_ARG_ENABLE([smack], AS_HELP_STRING([--disable-smack],[Disable optional SMACK support]),
[case "${enableval}" in
yes) have_smack=yes ;;
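Review bot: `M4_DEFINES=` is now reset at the top of the SMACK section, and nothing on the line says that every `M4_DEFINES="$M4_DEFINES ..."` append has to come after it. An append added earlier in configure.ac later on would be silently discarded. Either initialise the variable once near the top of the file or add a comment on the new line, for example `# initialise before any section appends to M4_DEFINES`.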
@@ -531,6 +533,7 @@ AS_HELP_STRING([--with-smack-run-label=STRING],
if test "x${have_smack}" = xyes ; then
AC_DEFINE(HAVE_SMACK, 1, [Define if SMACK is available])
+ M4_DEFINES="$M4_DEFINES -DHAVE_SMACK"
fi
# ------------------------------------------------------------------------------
@@ -891,7 +894,6 @@ AM_CONDITIONAL(ENABLE_MANPAGES, [test "x$have_manpages" = "xyes"])
# Location of the init scripts as mandated by LSB
SYSTEM_SYSVINIT_PATH=/etc/init.d
SYSTEM_SYSVRCND_PATH=/etc/rc.d
-M4_DEFINES=
AC_ARG_WITH([sysvinit-path],
[AS_HELP_STRING([--with-sysvinit-path=PATH],
diff --git a/units/tmp.mount b/units/tmp.mount
deleted file mode 100644
index 99a3ba3..0000000
--- a/units/tmp.mount
+++ /dev/null
@@ -1,20 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-[Unit]
-Description=Temporary Directory
-Documentation=man:hier(7)
-Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
-DefaultDependencies=no
-Conflicts=umount.target
-Before=local-fs.target umount.target
-
-[Mount]
-What=tmpfs
-Where=/tmp
-Type=tmpfs
-Options=mode=1777,strictatime
diff --git a/units/tmp.mount.m4 b/units/tmp.mount.m4
new file mode 100644
index 0000000..46c7fcd
--- /dev/null
+++ b/units/tmp.mount.m4
@@ -0,0 +1,22 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Temporary Directory
+Documentation=man:hier(7)
+Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+DefaultDependencies=no
+Conflicts=umount.target
+Before=local-fs.target umount.target
+
+[Mount]
+What=tmpfs
+Where=/tmp
+Type=tmpfs
+m4_ifdef(`HAVE_SMACK',
+`Options=mode=1777,strictatime,smackfsroot=*',
+`Options=mode=1777,strictatime')
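Review bot: The choice between the two `Options=` lines is made by the m4 conditional on HAVE_SMACK at build time, so a systemd built with SMACK support always emits `smackfsroot=*`, even when booted on a kernel where SMACK is not enabled. tmpfs is likely to reject the unknown option there, which would leave /tmp unmounted. Please confirm the mount succeeds on a non-SMACK kernel, or make the decision at runtime as is presumably done for /run and /dev/shm. Separately, the unit should record the access-control consequence in a comment above the conditional, for example `# smackfsroot=* puts the SMACK star label on the /tmp root, so any subject label may access the directory itself`.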
--
1.7.9.5