author | Auke Kok <auke-jan.h.kok@intel.com> | 2013-09-25 15:49:42 -0700 |
---|---|---|
committer | Auke Kok <auke-jan.h.kok@intel.com> | 2013-10-07 10:23:20 -0700 |
commit | 8b197c3a8a57c3f7c231b39e5660856fd9580c80 (patch) | |
tree | 7d917843342adab5f2002d0cfb730eb18c462419 /src | |
parent | d407c9402064d8b9d1b12dca6ca1ddb2688e5454 (diff) |
Run with a custom SMACK domain (label).
Allows the systemd --system process to change its current
SMACK label to a predefined custom label (usually "system")
at boot time.
This is needed to have a few system-generated folders and
sockets automatically be created with the right SMACK
label. Without that, processes either cannot communicate with
systemd or systemd fails to perform some actions.
Diffstat (limited to 'src')
-rw-r--r-- | src/core/smack-setup.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index 1434dea7c1..611bfdb2df 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -36,6 +36,7 @@
 #include "macro.h"
 #include "smack-setup.h"
 #include "util.h"
+#include "fileio.h"
 #include "log.h"
 #include "label.h"
@@ -138,6 +139,13 @@ int smack_setup(void) {
 return 0;
 }
+#ifdef SMACK_RUN_LABEL
+ r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL);
+ if (r)
+ log_warning("Failed to set SMACK label \"%s\" on self: %s",
+ SMACK_RUN_LABEL, strerror(-r));
+#endif
+
 r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG);
 switch(r) {
 case -ENOENT: |
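Review bot: In the `#ifdef SMACK_RUN_LABEL` block of the second hunk, a failed write to `/proc/self/attr/current` is only logged at warning level and `smack_setup()` carries on, so PID 1 keeps the label it started with and whatever it creates afterwards presumably carries that label instead of the intended one. The commit message describes exactly that state as breaking communication with systemd, so if continuing is deliberate it should be stated in a comment above the write, e.g. `/* Switch PID 1 to the configured Smack label so objects created later inherit it; failure is logged and boot continues. */`. The check should also match the negative-errno convention that `strerror(-r)` already assumes: `if (r < 0)`. The body of `smack_setup()` starts and ends outside this hunk, so whether the earlier `return 0` paths are meant to skip the label switch cannot be judged from here.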