Temporarily disable Smack for POSIX shared memory
Mount /dev/shm directory, used by glibc for implementation of POSIX shared
memory segments, will now be mounted with System::Run label, transmutable.
This effectively disables any access control by Smack on POSIX SHMs.
Programs running with the same UID and GIDs, but different Smack labels
(i.e. applications, user services) will be able to spy on each others SHM.
This is a temporary workaround for problems with audio architecture not
compliant with Tizen 3.0 security architecture. Applications using pulse
audio try to exchange SHM segments.
This patch is to be reverted in the near future. It is needed for now to
have a working release.
Change-Id: I82fa7b33ad415a5b57d6e2c3e8c6ea642c659ab7
Signed-off-by: Rafal Krypa <r.krypa@samsung.com>