summaryrefslogtreecommitdiff
path: root/src/core/load-fragment-gperf.gperf.m4
diff options
context:
space:
mode:
authorWaLyong Cho <walyong.cho@samsung.com>2014-11-24 20:46:20 +0900
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2014-11-24 10:20:53 -0500
commit2ca620c4ed28c01f285d869d0b22f22a360957da (patch)
treeb4807e97bf97f36c5b28fbe84c96a34864e6b972 /src/core/load-fragment-gperf.gperf.m4
parent8086ffacdb1bfec5ec115d24626538bda6cc372e (diff)
smack: introduce new SmackProcessLabel option
In service file, if the file has some of special SMACK label in ExecStart= and systemd has no permission for the special SMACK label then permission error will occurred. To resolve this, systemd should be able to set its SMACK label to something accessible of ExecStart=. So introduce new SmackProcessLabel. If label is specified with SmackProcessLabel= then the child systemd will set its label to that. To successfully execute the ExecStart=, accessible label should be specified with SmackProcessLabel=. Additionally, by SMACK policy, if the file in ExecStart= has no SMACK64EXEC then the executed process will have given label by SmackProcessLabel=. But if the file has SMACK64EXEC then the SMACK64EXEC label will be overridden. [zj: reword man page]
Diffstat (limited to 'src/core/load-fragment-gperf.gperf.m4')
-rw-r--r--src/core/load-fragment-gperf.gperf.m47
1 files changed, 5 insertions, 2 deletions
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 1d2debe70f..a94b805b4b 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -95,8 +95,11 @@ m4_ifdef(`HAVE_SELINUX',
`$1.SELinuxContext, config_parse_exec_selinux_context, 0, offsetof($1, exec_context)',
`$1.SELinuxContext, config_parse_warn_compat, 0, 0')
m4_ifdef(`HAVE_APPARMOR',
-`$1.AppArmorProfile, config_parse_exec_apparmor_profile,0, offsetof($1, exec_context)',
-`$1.AppArmorProfile, config_parse_warn_compat, 0, 0')'
+`$1.AppArmorProfile, config_parse_exec_apparmor_profile, 0, offsetof($1, exec_context)',
+`$1.AppArmorProfile, config_parse_warn_compat, 0, 0')
+m4_ifdef(`HAVE_SMACK',
+`$1.SmackProcessLabel, config_parse_exec_smack_process_label, 0, offsetof($1, exec_context)',
+`$1.SmackProcessLabel, config_parse_warn_compat, 0, 0')'
)m4_dnl
m4_define(`KILL_CONTEXT_CONFIG_ITEMS',
`$1.SendSIGKILL, config_parse_bool, 0, offsetof($1, kill_context.send_sigkill)