diff options
author | Sangjung Woo <sangjung.woo@samsung.com> | 2015-09-10 21:52:39 +0900 |
---|---|---|
committer | Sangjung Woo <sangjung.woo@samsung.com> | 2015-09-10 21:52:39 +0900 |
commit | 1fab0cbafcb67cff912d0e45de9677135550f924 (patch) | |
tree | c46bdad54e89e59ae0d7b33decb3e3db8f970303 /configure.ac | |
parent | f33be3119806f96898dda6ade492fbdcdf8f79b8 (diff) |
smack: label /etc/mtab as "_" when '--with-smack-run-label' is enabled.
/etc/mtab should be labeled as "_", even though systemd has its own
smack label using '--with-smack-run-label' configuration. This is mainly
because all processes could read that file and the origin of this file
(i.e. /proc/mounts) is labeled as "_". This labels /etc/mtab as "_" when
'--with-smack-run-label' is enabled.
Diffstat (limited to 'configure.ac')
-rw-r--r-- | configure.ac | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/configure.ac b/configure.ac index 2024939ad0..aad6782e08 100644 --- a/configure.ac +++ b/configure.ac @@ -657,12 +657,17 @@ if test "x${have_smack}" = xauto; then have_smack=yes fi +have_smack_run_label=no AC_ARG_WITH(smack-run-label, AS_HELP_STRING([--with-smack-run-label=STRING], [run systemd --system itself with a specific SMACK label]), - [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run systemd itself with SMACK label])], + [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run systemd itself with SMACK label]) have_smack_run_label=yes], []) +if test "x${have_smack_run_label}" = xyes; then + M4_DEFINES="$M4_DEFINES -DHAVE_SMACK_RUN_LABEL" +fi + AC_ARG_WITH(smack-default-process-label, AS_HELP_STRING([--with-smack-default-process-label=STRING], [default SMACK label for executed processes]), |