units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled

If SMACK is enabled, 'smackfsroot=*' option should be specified in tmp.mount file since many non-root processes use /tmp for temporary usage. If not, /tmp is labeled as '_' and smack denial occurs when writing.
author: Sangjung Woo <sangjung.woo@samsung.com> 2015-10-14 15:57:47 +0900
committer: Sangjung Woo <sangjung.woo@samsung.com> 2015-10-15 14:02:44 +0900
commit: 409c2a13fd65692c611b7bcaba12e908ef7cf1e5 (patch)
tree: c45178713d782f8400b8ce279faf83485194b3d5 /units/tmp.mount.m4
parent: e296313f7b397a45b144313056b50374c3bf4016 (diff)
1 files changed, 23 insertions, 0 deletions
diff --git a/units/tmp.mount.m4 b/units/tmp.mount.m4
new file mode 100644
index 0000000000..d537746dbf
--- /dev/null
+++ b/units/tmp.mount.m4
@@ -0,0 +1,23 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+[Unit]
+Description=Temporary Directory
+Documentation=man:hier(7)
+Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+ConditionPathIsSymbolicLink=!/tmp
+DefaultDependencies=no
+Conflicts=umount.target
+Before=local-fs.target umount.target
+
+[Mount]
+What=tmpfs
+Where=/tmp
+Type=tmpfs
+m4_ifdef(`HAVE_SMACK',
+`Options=mode=1777,strictatime,smackfsroot=*',
+`Options=mode=1777,strictatime')
author	Sangjung Woo <sangjung.woo@samsung.com>	2015-10-14 15:57:47 +0900
committer	Sangjung Woo <sangjung.woo@samsung.com>	2015-10-15 14:02:44 +0900
commit	409c2a13fd65692c611b7bcaba12e908ef7cf1e5 (patch)
tree	c45178713d782f8400b8ce279faf83485194b3d5 /units/tmp.mount.m4
parent	e296313f7b397a45b144313056b50374c3bf4016 (diff)