authorAuke Kok <auke-jan.h.kok@intel.com>2013-09-25 15:49:42 -0700
committerAuke Kok <auke-jan.h.kok@intel.com>2013-10-07 10:23:20 -0700
commit8b197c3a8a57c3f7c231b39e5660856fd9580c80 (patch)
tree7d917843342adab5f2002d0cfb730eb18c462419 /src
parentd407c9402064d8b9d1b12dca6ca1ddb2688e5454 (diff)
Run with a custom SMACK domain (label).
Allows the systemd --system process to change its current SMACK label to a predefined custom label (usually "system") at boot time. This is needed to have a few system-generated folders and sockets automatically be created with the right SMACK label. Without that, processes either cannot communicate with systemd or systemd fails to perform some actions.
Diffstat (limited to 'src')
-rw-r--r--src/core/smack-setup.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index 1434dea7c1..611bfdb2df 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -36,6 +36,7 @@
#include "macro.h"
#include "smack-setup.h"
#include "util.h"
+#include "fileio.h"
#include "log.h"
#include "label.h"
@@ -138,6 +139,13 @@ int smack_setup(void) {
return 0;
}
+#ifdef SMACK_RUN_LABEL
+ r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL);
+ if (r)
+ log_warning("Failed to set SMACK label \"%s\" on self: %s",
+ SMACK_RUN_LABEL, strerror(-r));
+#endif
+
r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG);
switch(r) {
case -ENOENT:
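Review bot: The failure path of the new `write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL)` call only logs a warning and then falls through to the CIPSO rule load, so on failure the process keeps the label it booted with and the directories and sockets it creates afterwards carry that label instead of SMACK_RUN_LABEL, which is the situation the commit description says breaks communication with systemd. If continuing is intended, state that next to the check, e.g. `/* Best effort: on failure we keep the boot-time label, and objects created later are labelled with it. */`, and consider `log_error` so a mislabelled boot stands out in the journal. The test should also read `if (r < 0)`, assuming write_string_file follows the negative-errno convention that `strerror(-r)` implies. smack_setup() begins above this hunk and continues past it, so whether the earlier `return 0` paths can skip the label change entirely is not visible here and is worth confirming.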