summaryrefslogtreecommitdiff
path: root/src/basic
diff options
context:
space:
mode:
authorSangjung Woo <sangjung.woo@samsung.com>2015-10-06 19:08:16 +0900
committerSangjung Woo <sangjung.woo@samsung.com>2015-10-07 16:37:25 +0900
commitc02e7b1ecc7d88f6529ca3d1d231536300991a02 (patch)
tree3ea3e71cbc54949ebec3b9f59bd0b2803ad51931 /src/basic
parent69b8a8ebaeaae13e82d44b386555921877bc0309 (diff)
smack: label /etc/passwd and friends as '_' smack label when --with-smack-run-label' is enabled
systemd-sysusers.service unit creates system users and groups and it could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow. Those files should have '_' smack label because of accessibility. However, if systemd has its own smack label using '--with-smack-run-label' configuration, systemd-sysusers process spawned by systemd(pid:1) has its parent smack label and eventually updated files also is set as its parent smack label. This patch fixes that bug by labeling updated files as '_' smack label when --with-smack-run-label' is enabled.
Diffstat (limited to 'src/basic')
-rw-r--r--src/basic/smack-util.c3
-rw-r--r--src/basic/smack-util.h3
2 files changed, 3 insertions, 3 deletions
diff --git a/src/basic/smack-util.c b/src/basic/smack-util.c
index 9e221d6eab..5f570ff02a 100644
--- a/src/basic/smack-util.c
+++ b/src/basic/smack-util.c
@@ -29,9 +29,6 @@
#include "fileio.h"
#include "smack-util.h"
-#define SMACK_FLOOR_LABEL "_"
-#define SMACK_STAR_LABEL "*"
-
#ifdef HAVE_SMACK
bool mac_smack_use(void) {
static int cached_use = -1;
diff --git a/src/basic/smack-util.h b/src/basic/smack-util.h
index b3aa55eb8a..e756dc8c28 100644
--- a/src/basic/smack-util.h
+++ b/src/basic/smack-util.h
@@ -27,6 +27,9 @@
#include "macro.h"
+#define SMACK_FLOOR_LABEL "_"
+#define SMACK_STAR_LABEL "*"
+
typedef enum SmackAttr {
SMACK_ATTR_ACCESS = 0,
SMACK_ATTR_EXEC = 1,