From: jooseong lee <jooseong.lee@samsung.com>
Date: Wed, 20 Jul 2016 11:05:16 +0000 (+0900)
Subject: Set the SMACK security label to run given executable file in systemd services
X-Git-Tag: submit/tizen/20160721.003054^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=146ddab6213428a7b2865d10311525a1f549957c;p=platform%2Fadaptation%2Fsystem-plugin.git

Set the SMACK security label to run given executable file in systemd services

Change-Id: I4ed51c4f9a533caf87094b22d917316f83730ccc
Signed-off-by: jooseong lee <jooseong.lee@samsung.com>
---

diff --git a/units/resize2fs@.service b/units/resize2fs@.service
index 8802a59..6bdd9b6 100644
--- a/units/resize2fs@.service
+++ b/units/resize2fs@.service
@@ -8,6 +8,7 @@ Before=shutdown.target
 
 [Service]
 Type=oneshot
+SmackProcessLabel=System
 ExecStart=/sbin/resize2fs -f %f
 ExecStartPost=/bin/ln -s /dev/null /etc/systemd/system/resize2fs@%i.service
 StandardOutput=journal+console
diff --git a/units/tizen-fstrim-user.service b/units/tizen-fstrim-user.service
index 524086d..33cea57 100644
--- a/units/tizen-fstrim-user.service
+++ b/units/tizen-fstrim-user.service
@@ -4,6 +4,7 @@ Requires=opt.mount
 
 [Service]
 Type=oneshot
+SmackProcessLabel=System
 ExecStart=/usr/bin/tizen-fstrim-on-charge.sh /opt
 StandardOutput=journal
 StandardError=inherit
diff --git a/units/tizen-system-env.service b/units/tizen-system-env.service
index 3130b8c..fac769e 100644
--- a/units/tizen-system-env.service
+++ b/units/tizen-system-env.service
@@ -5,6 +5,7 @@ Before=basic.target
 
 [Service]
 Type=oneshot
+SmackProcessLabel=System
 ExecStart=/usr/bin/env -i sh -c 'source /etc/profile; env | /bin/egrep -v "^(HOME|PWD|SHLVL|_|USER|MAIL|LOGNAME|XDG_RUNTIME_DIR)=" > /run/tizen-system-env'
 ExecStart=/usr/bin/env -i sh -c 'source /etc/profile; env | /bin/egrep -e "XDG_RUNTIME_DIR=" > /run/xdg-root-env'
 
diff --git a/units/umount-opt.service b/units/umount-opt.service
index dcf6c13..9402151 100644
--- a/units/umount-opt.service
+++ b/units/umount-opt.service
@@ -8,4 +8,5 @@ Requires=local-fs-pre.target
 [Service]
 Type=oneshot
 RemainAfterExit=yes
+SmackProcessLabel=System
 ExecStart=/bin/umount -l /opt