diff options
author | Sangjung Woo <sangjung.woo@samsung.com> | 2015-09-23 20:41:52 +0900 |
---|---|---|
committer | Sangjung Woo <sangjung.woo@samsung.com> | 2015-09-23 20:41:52 +0900 |
commit | 6bf6e43e7e214a4bd03008a91a7fc77ce6934d65 (patch) | |
tree | 58592db7eccd4fd57476e206249a573f41f565f8 /man/systemd-hwdb.xml | |
parent | dbb319464a91d2e4592bf5245bc8c08d09f43876 (diff) |
exec: call setup_pam() after SMACK labeling
When 'SmackProcessLabel=' is used in user@.service file, all processes
launched in systemd user session should be labeled as the designated name
of 'SmackProcessLabel' directive. However, if systemd has its own smack
label using '--with-smack-run-label' configuration, '(sd-pam)' is
labeled as the specific name of '--with-smack-run-label'. If
'SmackProcessLabel=' is used in user@.service file without
'--with-smack-run-label' configuration, (sd-pam) is labeled as "_" since
systemd (i.e. pid=1) is labeled as "_".
This is mainly because setup_pam() function is called before applying
smack label to child process. This patch fixes it by calling setup_pam()
after setting the smack label.
Diffstat (limited to 'man/systemd-hwdb.xml')
0 files changed, 0 insertions, 0 deletions