authorSangjung Woo <sangjung.woo@samsung.com>2015-10-21 17:42:34 +0900
committerSangjung Woo <sangjung.woo@samsung.com>2015-10-24 20:53:54 +0900
commit46a01abae985024572ec860bd02ca7f1fe458096 (patch)
tree47569f7963e63c8504d9fedc946c1fda9ab383ce
parent48d04f25bf400fe0ff612a23bb4785bb245b6139 (diff)
mount: add new SmackFileSystemRoot= setting for mount unit
This option specifies the label to assign to the root of the file system if it lacks the Smack extended attribute. Note that this option is ignored if a runtime check shows that the kernel does not support Smack.
-rw-r--r--man/systemd.mount.xml12
-rw-r--r--src/core/dbus-mount.c1
-rw-r--r--src/core/load-fragment-gperf.gperf.m41
-rw-r--r--src/core/mount.c36
-rw-r--r--src/core/mount.h1
5 files changed, 47 insertions, 4 deletions
diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml
index ffffc56936..d3775ff830 100644
--- a/man/systemd.mount.xml
+++ b/man/systemd.mount.xml
@@ -324,6 +324,18 @@
</varlistentry>
<varlistentry>
+ <term><varname>SmackFileSystemRoot=</varname></term>
+ <listitem><para>Takes a string for the smack label.
+ This option specifies the label to assign the root of the
+ file system if it lacks the Smack extended attribute.
+ Note that this option will be ignored if kernel does not
+ support the Smack feature.
+ See <ulink
+ url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
+ for details. </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>TimeoutSec=</varname></term>
<listitem><para>Configures the time to wait for the mount
command to finish. If a command does not exit within the
diff --git a/src/core/dbus-mount.c b/src/core/dbus-mount.c
index 24813c6d20..dbee7fc908 100644
--- a/src/core/dbus-mount.c
+++ b/src/core/dbus-mount.c
@@ -117,6 +117,7 @@ const sd_bus_vtable bus_mount_vtable[] = {
SD_BUS_PROPERTY("ControlPID", "u", bus_property_get_pid, offsetof(Mount, control_pid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("DirectoryMode", "u", bus_property_get_mode, offsetof(Mount, directory_mode), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("SloppyOptions", "b", bus_property_get_bool, offsetof(Mount, sloppy_options), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("SmackFileSystemRoot", "s", NULL, offsetof(Mount, smack_fs_root), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Mount, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
BUS_EXEC_COMMAND_VTABLE("ExecMount", offsetof(Mount, exec_command[MOUNT_EXEC_MOUNT]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
BUS_EXEC_COMMAND_VTABLE("ExecUnmount", offsetof(Mount, exec_command[MOUNT_EXEC_UNMOUNT]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 89e624b557..507cfdde75 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -319,6 +319,7 @@ Mount.Type, config_parse_string, 0,
Mount.TimeoutSec, config_parse_sec, 0, offsetof(Mount, timeout_usec)
Mount.DirectoryMode, config_parse_mode, 0, offsetof(Mount, directory_mode)
Mount.SloppyOptions, config_parse_bool, 0, offsetof(Mount, sloppy_options)
+Mount.SmackFileSystemRoot, config_parse_string, 0, offsetof(Mount, smack_fs_root)
EXEC_CONTEXT_CONFIG_ITEMS(Mount)m4_dnl
CGROUP_CONTEXT_CONFIG_ITEMS(Mount)m4_dnl
KILL_CONTEXT_CONFIG_ITEMS(Mount)m4_dnl
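Review bot: `Mount.SmackFileSystemRoot` is parsed with `config_parse_string`, so the label is stored without validation and is later spliced into the mount option string as `smackfsroot=<label>` by mount_get_opts (src/core/mount.c in this commit). A value containing `,` or whitespace would no longer reach mount as a single option, and Smack itself restricts labels (bounded length, no `/`, `\` or quote characters, no leading `-`). Consider a small dedicated parser that rejects such values at load time with a log message, or an equivalent check in mount_get_opts before the strjoin(). Unit files are administrator-controlled, so this is hardening against typos and generated units rather than a privilege boundary.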
diff --git a/src/core/mount.c b/src/core/mount.c
index 8611129453..0d1a9b9de7 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -39,6 +39,7 @@
#include "exit-status.h"
#include "fstab-util.h"
#include "formats-util.h"
+#include "smack-util.h"
#define RETRY_UMOUNT_MAX 32
@@ -202,6 +203,7 @@ static void mount_done(Unit *u) {
assert(m);
m->where = mfree(m->where);
+ m->smack_fs_root = mfree(m->smack_fs_root);
mount_parameters_done(&m->parameters_proc_self_mountinfo);
mount_parameters_done(&m->parameters_fragment);
@@ -666,7 +668,8 @@ static void mount_dump(Unit *u, FILE *f, const char *prefix) {
"%sOptions: %s\n"
"%sFrom /proc/self/mountinfo: %s\n"
"%sFrom fragment: %s\n"
- "%sDirectoryMode: %04o\n",
+ "%sDirectoryMode: %04o\n"
+ "%sSmackFileSystemRoot: %s\n",
prefix, mount_state_to_string(m->state),
prefix, mount_result_to_string(m->result),
prefix, m->where,
@@ -675,7 +678,8 @@ static void mount_dump(Unit *u, FILE *f, const char *prefix) {
prefix, p ? strna(p->options) : "n/a",
prefix, yes_no(m->from_proc_self_mountinfo),
prefix, yes_no(m->from_fragment),
- prefix, m->directory_mode);
+ prefix, m->directory_mode,
+ prefix, strna(m->smack_fs_root));
if (m->control_pid > 0)
fprintf(f,
@@ -852,6 +856,31 @@ fail:
mount_enter_mounted(m, MOUNT_FAILURE_RESOURCES);
}
+static int mount_get_opts(Mount *m, char **_opts) {
+ int r;
+ char *o = NULL, *opts = NULL;
+
+ r = fstab_filter_options(m->parameters_fragment.options,
+ "nofail\0" "noauto\0" "auto\0", NULL, NULL, &o);
+ if (r < 0)
+ return r;
+
+ if (mac_smack_use() && m->smack_fs_root) {
+ if (!isempty(o)) {
+ opts = strjoin(o, ",", "smackfsroot=", m->smack_fs_root, NULL);
+ free(o);
+ } else
+ opts = strjoin("smackfsroot=", m->smack_fs_root, NULL);
+
+ if (!opts)
+ return -ENOMEM;
+ } else
+ opts = o;
+
+ *_opts = opts;
+ return 0;
+}
+
static void mount_enter_mounting(Mount *m) {
int r;
MountParameters *p;
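Review bot: In mount_get_opts, `o` is never freed when Smack is in use and `isempty(o)` is true but `o` is non-NULL: the `else` arm builds `opts` from the label alone and drops the buffer returned by fstab_filter_options(), on both the success and the `-ENOMEM` return. Whether fstab_filter_options() can hand back an allocated empty string is not visible in this hunk, but nothing here rules it out. Declaring `_cleanup_free_ char *o = NULL;`, removing the explicit `free(o);`, and ending the non-Smack branch with `opts = o; o = NULL;` covers every path. A one-line comment stating that the caller owns `*_opts` and that it may be NULL when no options remain would also help.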
@@ -877,8 +906,7 @@ static void mount_enter_mounting(Mount *m) {
if (m->from_fragment) {
_cleanup_free_ char *opts = NULL;
- r = fstab_filter_options(m->parameters_fragment.options,
- "nofail\0" "noauto\0" "auto\0", NULL, NULL, &opts);
+ r = mount_get_opts(m, &opts);
if (r < 0)
goto fail;
diff --git a/src/core/mount.h b/src/core/mount.h
index 83d14ae713..4e28810f6c 100644
--- a/src/core/mount.h
+++ b/src/core/mount.h
@@ -71,6 +71,7 @@ struct Mount {
bool reset_cpu_usage:1;
bool sloppy_options;
+ char *smack_fs_root;
MountResult result;
MountResult reload_result;