[systemd-devel] [PATCH] logind: mount per-user tmpfs with 'smackfsroot=*' for smack enabled systems
Lennart Poettering
lennart at poettering.net
Thu Oct 9 02:39:20 PDT 2014
On Thu, 09.10.14 11:02, Lukasz Skalski (l.skalski at samsung.com) wrote:
Applied! Thanks!
> ---
> src/login/logind-user.c | 8 +++++++-
> units/systemd-logind.service.in | 2 +-
> 2 files changed, 8 insertions(+), 2 deletions(-)
>
> diff --git a/src/login/logind-user.c b/src/login/logind-user.c
> index d48eca4..3847496 100644
> --- a/src/login/logind-user.c
> +++ b/src/login/logind-user.c
> @@ -37,6 +37,7 @@
> #include "conf-parser.h"
> #include "clean-ipc.h"
> #include "logind-user.h"
> +#include "smack-util.h"
>
> User* user_new(Manager *m, uid_t uid, gid_t gid, const char *name) {
> User *u;
> @@ -325,7 +326,12 @@ static int user_mkdir_runtime_path(User *u) {
>
> mkdir(p, 0700);
>
> - if (asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size) < 0) {
> + if (use_smack())
> + r = asprintf(&t, "mode=0700,smackfsroot=*,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
> + else
> + r = asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
> +
> + if (r < 0) {
> r = log_oom();
> goto fail;
> }
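Review bot: the two asprintf() calls in user_mkdir_runtime_path() are identical apart from the inserted "smackfsroot=*," token, so the long format string now has to be kept in sync in two places; building the option prefix once (e.g. `const char *smack = use_smack() ? "smackfsroot=*," : "";` and a single `asprintf(&t, "mode=0700,%suid=" UID_FMT ...`, smack, ...)`) keeps one copy. A short comment on the label choice would also help: the `*` Smack label on the mount root is accessible from every subject label, so the protection of the per-user directory rests on the `mode=0700,uid=...` DAC options alone, which is the intended behaviour here but is not obvious from the call site.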
> diff --git a/units/systemd-logind.service.in b/units/systemd-logind.service.in
> index c6cbd1c..f087e99 100644
> --- a/units/systemd-logind.service.in
> +++ b/units/systemd-logind.service.in
> @@ -23,7 +23,7 @@ ExecStart=@rootlibexecdir@/systemd-logind
> Restart=always
> RestartSec=0
> BusName=org.freedesktop.login1
> -CapabilityBoundingSet=CAP_SYS_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
> +CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
> WatchdogSec=1min
>
> # Increase the default a bit in order to allow many simultaneous
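Review bot: CAP_MAC_ADMIN is added to the bounding set unconditionally, so logind keeps it on systems without Smack as well, since the unit file cannot consult use_smack() at runtime; a comment next to CapabilityBoundingSet= stating why it is needed (the smackfsroot= mount option in user_mkdir_runtime_path() requires it) would let later reviewers of the capability list tell this entry apart from the others rather than guess.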
> --
> 1.9.3
>
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel
>
Lennart
--
Lennart Poettering, Red Hat