[systemd-devel] [PATCH] Smack enabled systems need /dev special devices correctly labeled
Kok, Auke-jan H
auke-jan.h.kok at intel.com
Sat Oct 12 15:20:44 PDT 2013
On Fri, Oct 11, 2013 at 4:47 PM, Michael Demeter
<michael.demeter at intel.com> wrote:
> - Add AC_DEFINE for HAVE_SMACK to configure.ac
> - Add Check for smack in Makefile.am to include smack default rules
> - Add smack default rules to label /dev/xxx correctly for access
>
> Change-Id: Iab07eb632b487b9ac4567cd08d0da6879709d44f
> Signed-off-by: Michael Demeter <michael.demeter at intel.com>
> ---
> Makefile.am | 5 +++++
> configure.ac | 1 +
> rules/55-udev-smack-default.rules | 18 ++++++++++++++++++
> 3 files changed, 24 insertions(+)
> create mode 100644 rules/55-udev-smack-default.rules
>
> diff --git a/Makefile.am b/Makefile.am
> index e8be76b..bd397c4 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -1943,6 +1943,11 @@ dist_udevrules_DATA += \
> rules/80-net-name-slot.rules \
> rules/95-udev-late.rules
>
> +if HAVE_SMACK
> +dist_udevrules_DATA += \
> + rules/55-udev-smack-default.rules
> +endif
> +
> dist_udevhwdb_DATA = \
> hwdb/20-pci-vendor-model.hwdb \
> hwdb/20-pci-classes.hwdb \
> diff --git a/configure.ac b/configure.ac
> index 091fe20..facd931 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -472,6 +472,7 @@ AS_HELP_STRING([--with-smack-run-label=STRING],
>
> if test "x${have_smack}" = xyes ; then
> AC_DEFINE(HAVE_SMACK, 1, [Define if SMACK is available])
> + AM_CONDITIONAL([HAVE_SMACK], [true])
> fi
>
> # ------------------------------------------------------------------------------
> diff --git a/rules/55-udev-smack-default.rules b/rules/55-udev-smack-default.rules
> new file mode 100644
> index 0000000..6df90bb
> --- /dev/null
> +++ b/rules/55-udev-smack-default.rules
> @@ -0,0 +1,18 @@
> +# do not edit this file, it will be overwritten on update
> +
> +KERNEL=="null",SMACK="*"
> +KERNEL=="zero",SMACK="*"
> +KERNEL=="console",SMACK="*"
> +KERNEL=="kmsg",SMACK="*"
> +KERNEL=="video0",SMACK="*"
> +KERNEL=="card0",SMACK="*"
shouldn't these be "card*" and "video*" ?
Auke
More information about the systemd-devel
mailing list