[systemd-devel] [PATCH] add configuration for smackfs root
WaLyong Cho
walyong.cho at samsung.com
Wed Nov 26 08:02:01 PST 2014
The smackfs root was changed few month ago. But some of systems are
still using old smackfs root. For compatibility, add smackfs root
configure option. Default is /sys/fs/smackfs.
---
Makefile.am | 1 +
configure.ac | 7 +++++++
src/core/mount-setup.c | 2 +-
src/core/smack-setup.c | 4 ++--
src/shared/smack-util.c | 2 +-
5 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index b52ff8e..c91c1b7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -192,6 +192,7 @@ AM_CPPFLAGS = \
-DUDEVLIBEXECDIR=\"$(udevlibexecdir)\" \
-DPOLKIT_AGENT_BINARY_PATH=\"$(bindir)/pkttyagent\" \
-DQUOTACHECK=\"$(QUOTACHECK)\" \
+ -DSMACKFSROOT=\"$(SMACKFSROOT)\" \
-DKEXEC=\"$(KEXEC)\" \
-DLIBDIR=\"$(libdir)\" \
-DROOTLIBDIR=\"$(rootlibdir)\" \
diff --git a/configure.ac b/configure.ac
index a4e91e3..97cd5ad 100644
--- a/configure.ac
+++ b/configure.ac
@@ -661,6 +661,13 @@ AS_HELP_STRING([--with-smack-run-label=STRING],
[AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run with a smack label])],
[])
+AC_ARG_WITH(smackfs-root,
+ AS_HELP_STRING([--with-smackfs-root=PATH],
+ [Specify the smackfs root [/sys/fs/smackfs]]),
+ [SMACKFSROOT="$withval"],
+ [SMACKFSROOT="/sys/fs/smackfs"])
+AC_SUBST(SMACKFSROOT)
+
if test "x${have_smack}" = xyes ; then
AC_DEFINE(HAVE_SMACK, 1, [Define if SMACK is available])
fi
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index df9d9da..01fed83 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -81,7 +81,7 @@ static const MountPoint mount_table[] = {
{ "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_NONE },
#ifdef HAVE_SMACK
- { "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
+ { "smackfs", SMACKFSROOT, "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
mac_smack_use, MNT_FATAL },
{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
mac_smack_use, MNT_FATAL },
diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index d0fd180..b81d76f 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -124,7 +124,7 @@ int mac_smack_setup(bool *loaded_policy) {
assert(loaded_policy);
- r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
+ r = write_rules(SMACKFSROOT "/load2", SMACK_CONFIG);
switch(r) {
case -ENOENT:
log_debug("Smack is not enabled in the kernel.");
@@ -148,7 +148,7 @@ int mac_smack_setup(bool *loaded_policy) {
SMACK_RUN_LABEL, strerror(-r));
#endif
- r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG);
+ r = write_rules(SMACKFSROOT "/cipso2", CIPSO_CONFIG);
switch(r) {
case -ENOENT:
log_debug("Smack/CIPSO is not enabled in the kernel.");
diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
index b6c9643..551a234 100644
--- a/src/shared/smack-util.c
+++ b/src/shared/smack-util.c
@@ -36,7 +36,7 @@ bool mac_smack_use(void) {
static int cached_use = -1;
if (cached_use < 0)
- cached_use = access("/sys/fs/smackfs/", F_OK) >= 0;
+ cached_use = access(SMACKFSROOT, F_OK) >= 0;
return cached_use;
#else
--
1.9.3
More information about the systemd-devel
mailing list