[systemd-devel] [PATCH] Do not cache use_smack() value unless /sys is mounted
Łukasz Stelmach
l.stelmach at samsung.com
Fri Mar 14 01:35:15 PDT 2014
It was <2014-03-11 wto 05:12>, when Lennart Poettering wrote:
> On Fri, 28.02.14 17:09, Łukasz Stelmach (l.stelmach at samsung.com) wrote:
>
>> use_smack() is called very early via mkdir_p_label(). This happens
>> before /sys is mounted and hence before the authoritative information
>> about smack is even available. To prevent caching of the invalid value
>> check whether /sys/fs exists.
>
> Hmm, it appears to me that we probably shouldn't invoke mkdir_p_label()
> that early? Do you know which invocation this is?
mount_one() called from mount_setup_early() at src/core/mount-setup.c
> It sounds really wrong trying to relabel a dir before the policy is
> actually loaded...
mount_one() is used for both mount_setup() and mount_setup_early() and
distinguishing them would look odd.
>
>> ---
>> src/shared/smack-util.c | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
>> index df194e0..96f365c 100644
>> --- a/src/shared/smack-util.c
>> +++ b/src/shared/smack-util.c
>> @@ -33,6 +33,9 @@ bool use_smack(void) {
>> #ifdef HAVE_SMACK
>> static int use_smack_cached = -1;
>>
>> + if (use_smack_cached < 0 && access("/sys/fs/", F_OK) < 0)
>> + return false;
>> +
>> if (use_smack_cached < 0)
>> use_smack_cached = access("/sys/fs/smackfs/", F_OK) >= 0;
>>
>
>
> Lennart
--
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20140314/23a4bde8/attachment.pgp>
More information about the systemd-devel
mailing list