[systemd-devel] [PATCH v3] smack: introduce new SmackProcessLabel option

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Mon Nov 24 07:21:56 PST 2014


On Mon, Nov 24, 2014 at 08:46:20PM +0900, WaLyong Cho wrote:
> In service file, if the file has some of special SMACK label in
> ExecStart= and systemd has no permission for the special SMACK label
> then permission error will occur. To resolve this, systemd should
> be able to set its SMACK label to something accessible of ExecStart=.
> So introduce new SmackProcessLabel. If label is specified with
> SmackProcessLabel= then the child systemd will set its label to
> that. To successfully execute the ExecStart=, accessible label should
> be specified with SmackProcessLabel=.
> Additionally, by SMACK policy, if the file in ExecStart= has no
> SMACK64EXEC then the executed process will have given label by
> SmackProcessLabel=. But if the file has SMACK64EXEC then the
> SMACK64EXEC label will be overridden.

Applied!

Zbyszek

