Add smackfsroot, smackfsdef in mount options of ecryptfs

author Sungbae Yoo <sungbae.yoo@samsung.com>

Tue, 23 May 2017 06:59:34 +0000 (15:59 +0900)

committer Sungbae Yoo <sungbae.yoo@samsung.com>

Tue, 23 May 2017 07:01:34 +0000 (16:01 +0900)
author Sungbae Yoo <sungbae.yoo@samsung.com>
Tue, 23 May 2017 06:59:34 +0000 (15:59 +0900)
committer Sungbae Yoo <sungbae.yoo@samsung.com>
Tue, 23 May 2017 07:01:34 +0000 (16:01 +0900)
diff --git a/server/engine/encryption/ecryptfs-engine.cpp b/server/engine/encryption/ecryptfs-engine.cpp

index 51fb925..5c087cf 100644 (file)
--- a/server/engine/encryption/ecryptfs-engine.cpp
+++ b/server/engine/encryption/ecryptfs-engine.cpp
@@ -303,6 +303,7 @@ void ecryptfsMount(const std::string &source, const std::string &destination, co
  
         mountOption = "ecryptfs_passthrough"
                 ",ecryptfs_cipher=" CIPHER_MODE
+               ",smackfsroot=*,smackfsdef=*"
                 ",ecryptfs_sig=" + std::string((char *)payload.token.password.signature) +
                 ",ecryptfs_key_bytes=" + std::to_string(payload.token.password.sessionKeyEncryptionKeySize);
  
diff --git a/server/systemd/ode.service.in b/server/systemd/ode.service.in

index 2080c19..85e19c6 100644 (file)
--- a/server/systemd/ode.service.in
+++ b/server/systemd/ode.service.in
@@ -4,11 +4,10 @@ Before=deviced.service
  
  [Service]
  Type=simple
-SmackProcessLabel=System
+SmackProcessLabel=System::Privileged
  ExecStart=@BIN_DIR@/@PROJECT_NAME@d
  Restart=on-failure
  ExecReload=/bin/kill -HUP $MAINPID
-CapabilityBoundingSet=~CAP_MAC_ADMIN
  CapabilityBoundingSet=~CAP_MAC_OVERRIDE
  EnvironmentFile=/run/tizen-system-env
  EnvironmentFile=/run/xdg-root-env
author	Sungbae Yoo <sungbae.yoo@samsung.com>
	Tue, 23 May 2017 06:59:34 +0000 (15:59 +0900)
committer	Sungbae Yoo <sungbae.yoo@samsung.com>
	Tue, 23 May 2017 07:01:34 +0000 (16:01 +0900)
server/engine/encryption/ecryptfs-engine.cpp		patch \| blob \| history
server/systemd/ode.service.in		patch \| blob \| history