enable_modules() {
/bin/echo 1 > /sys/kernel/debug/swap/enable
- /bin/chown -R system:system /sys/kernel/debug/swap
-
- /usr/bin/chsmack -r -a System::Privileged /sys/kernel/debug/swap
- /usr/bin/chsmack -a System::Privileged /dev/swap_device
}
disable_modules() {
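Review bot: With the chown and chsmack calls removed, the write in `enable_modules` to `/sys/kernel/debug/swap/enable` depends on access that nothing in the visible changes grants to `system_fw`. debugfs is normally reachable by root only, so the replacement for the removed setup presumably lives elsewhere and is worth naming in a comment above the write. The redirect's result is also unchecked, so a denied write would leave the modules disabled while the function still appears to succeed; `/bin/echo 1 > /sys/kernel/debug/swap/enable || return 1` would surface it. `disable_modules` continues outside the hunk.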
-KERNEL=="swap_device", OWNER="system", GROUP="system"
-
+KERNEL=="swap_device", OWNER="system_fw", GROUP="system_fw"
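Review bot: The new rule sets only the DAC ownership of `swap_device`, while the script change in this commit drops `chsmack -a System::Privileged /dev/swap_device`, so no visible line labels the node any more. If no other rule or policy applies the label, the node keeps whatever default it is created with and the Smack restriction to `System::Privileged` is lost. udev can set it in the same rule: `KERNEL=="swap_device", OWNER="system_fw", GROUP="system_fw", SECLABEL{smack}="System::Privileged"`.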
# setup /tmp/da
-d /tmp/da 0777 system system -
+d /tmp/da 0777 system_fw system_fw -
t /tmp/da - - - - security.SMACK64=_
# setup /tmp/port.da
-f /tmp/port.da 0644 system system -
+f /tmp/port.da 0644 system_fw system_fw -
t /tmp/port.da - - - - security.SMACK64=System::Shared
# setup /tmp/swap_manager.pid
t /tmp/swap_manager.pid - - - - security.SMACK64=System::Shared
# setup /tmp/swap/
-d /tmp/swap 0777 system system -
+d /tmp/swap 0777 system_fw system_fw -
t /tmp/swap - - - - security.SMACK64=System::Privileged
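Review bot: `/tmp/da` and `/tmp/swap` stay at mode `0777` without the sticky bit, so the ownership change to `system_fw` adds no DAC protection and write access to both directories rests on the Smack labels alone. That matters most for `/tmp/swap`, because the service unit in this commit passes the contents of `/tmp/swap/module` as arguments to `swap_module.sh`, so whoever may create that file decides what the script is asked to do. If only `system_fw` writes there, `d /tmp/swap 0750 system_fw system_fw -` would be enough; if other accounts must create entries, `1777` at least keeps them from replacing each other's files. Checking the value inside `swap_module.sh` against the commands it supports would cover what the mode cannot.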
[Service]
Type=oneshot
-User=root
-Group=root
+User=system_fw
+Group=system_fw
+SmackProcessLabel=System::Privileged
# $(/bin/cat /tmp/swap/module) - get command
ExecStart=/bin/sh -c '/usr/bin/swap_module.sh $(/bin/cat /tmp/swap/module)'