From 5dfcb8d20021c8fc555a86c4fbbc72d5c9837150 Mon Sep 17 00:00:00 2001 From: Sangjung Woo Date: Wed, 21 Oct 2015 21:48:13 +0900 Subject: [PATCH] units: add 'SmackFileSystemRoot=*' option into tmp.mount If SMACK is enabled, 'smackfsroot=*' option should be specified when /tmp is mounted since many non-root processes use /tmp for temporary usage. If not, /tmp is labeled as '_' and smack denial occurs when writing. In order to do that, 'SmackFileSystemRoot=*' is newly added into tmp.mount. --- Makefile.am | 3 ++- units/{tmp.mount => tmp.mount.m4} | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) rename units/{tmp.mount => tmp.mount.m4} (92%) diff --git a/Makefile.am b/Makefile.am index fa25485..89eaf80 100644 --- a/Makefile.am +++ b/Makefile.am @@ -616,7 +616,8 @@ EXTRA_DIST += \ units/initrd-udevadm-cleanup-db.service.in \ units/initrd-switch-root.service.in \ units/systemd-nspawn@.service.in \ - units/systemd-update-done.service.in + units/systemd-update-done.service.in \ + units/tmp.mount.m4 if HAVE_SYSV_COMPAT nodist_systemunit_DATA += \ diff --git a/units/tmp.mount b/units/tmp.mount.m4 similarity index 92% rename from units/tmp.mount rename to units/tmp.mount.m4 index 00a0d28..e1e26bd 100644 --- a/units/tmp.mount +++ b/units/tmp.mount.m4 @@ -19,3 +19,6 @@ What=tmpfs Where=/tmp Type=tmpfs Options=mode=1777,strictatime +m4_ifdef(`HAVE_SMACK', +SmackFileSystemRoot=* +)m4_dnl -- 2.7.4