smack: label /etc/passwd and friends as '_' smack label when --with-smack-run-label' is enabled

systemd-sysusers.service unit creates system users and groups and it could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow. Those files should have '_' smack label because of accessibility. However, if systemd has its own smack label using '--with-smack-run-label' configuration, systemd-sysusers process spawned by systemd(pid:1) has its parent smack label and eventually updated files also is set as its parent smack label. This patch fixes that bug by labeling updated files as '_' smack label when --with-smack-run-label' is enabled.
author: Sangjung Woo <sangjung.woo@samsung.com> 2015-10-06 19:08:16 +0900
committer: Sangjung Woo <sangjung.woo@samsung.com> 2015-10-07 16:37:25 +0900
commit: c02e7b1ecc7d88f6529ca3d1d231536300991a02 (patch)
tree: 3ea3e71cbc54949ebec3b9f59bd0b2803ad51931 /src/basic/smack-util.h
parent: 69b8a8ebaeaae13e82d44b386555921877bc0309 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/basic/smack-util.h b/src/basic/smack-util.h
index b3aa55eb8a..e756dc8c28 100644
--- a/src/basic/smack-util.h
+++ b/src/basic/smack-util.h
@@ -27,6 +27,9 @@
 
 #include "macro.h"
 
+#define SMACK_FLOOR_LABEL "_"
+#define SMACK_STAR_LABEL  "*"
+
 typedef enum SmackAttr {
         SMACK_ATTR_ACCESS = 0,
         SMACK_ATTR_EXEC = 1,
author	Sangjung Woo <sangjung.woo@samsung.com>	2015-10-06 19:08:16 +0900
committer	Sangjung Woo <sangjung.woo@samsung.com>	2015-10-07 16:37:25 +0900
commit	c02e7b1ecc7d88f6529ca3d1d231536300991a02 (patch)
tree	3ea3e71cbc54949ebec3b9f59bd0b2803ad51931 /src/basic/smack-util.h
parent	69b8a8ebaeaae13e82d44b386555921877bc0309 (diff)