diff options
| author | Sangjung Woo <sangjung.woo@samsung.com> | 2015-09-08 15:09:40 +0900 | 
|---|---|---|
| committer | Sangjung Woo <sangjung.woo@samsung.com> | 2015-09-09 20:26:52 +0900 | 
| commit | f8c1a81c5188ca121573caeee290e39ef966e3e6 (patch) | |
| tree | 2a16ffd21b56d92be81fede6b0068888e1c4c3db /src | |
| parent | ba056b738d407ace25e5e4a2f9c890de229bf69f (diff) | |
smack: bugfix the smack label of symlink when '--with-smack-run-label' is set
Even though systemd has its own smack label since
'--with-smack-run-label' configuration is set, the smack label of each
CGROUP root directory should have the star (i.e. *) label. This is
mainly because current Linux Kernel set the label in this way.
(Refer to smack_d_instantiate() in security/smack/smack_lsm.c)
However, if systemd has its own smack label and arg_join_controllers is
explicitly set or initialized by initialize_join_controllers() function,
current systemd creates the symlink in CGROUP root directory with its
own smack label as below.
lrwxrwxrwx. 1 root root System  11 Dec 31 16:00 cpu -> cpu,cpuacct
dr-xr-xr-x. 4 root root *        0 Dec 31 16:01 cpu,cpuacct
lrwxrwxrwx. 1 root root System  11 Dec 31 16:00 cpuacct -> cpu,cpuacct
This patch fixes that bug by copying the smack label from the origin.
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/mount-setup.c | 5 | 
1 files changed, 5 insertions, 0 deletions
| diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index e84f80b61b..65f3d06ad0 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -303,6 +303,11 @@ int mount_cgroup_controllers(char ***join_controllers) {                                  r = symlink(options, t);                                  if (r < 0 && errno != EEXIST)                                          return log_error_errno(errno, "Failed to create symlink %s: %m", t); +#ifdef SMACK_RUN_LABEL +                                r = mac_smack_copy(t, options); +                                if (r < 0 && r != -EOPNOTSUPP) +                                        return log_error_errno(r, "Failed to copy smack label from %s to %s: %m", options, t); +#endif                          }                  }          } | 
