diff options
| -rw-r--r-- | configure.ac | 6 | ||||
| -rw-r--r-- | src/core/smack-setup.c | 8 |
2 files changed, 14 insertions, 0 deletions
diff --git a/configure.ac b/configure.ac index 4f26092e91..00ee9bb92d 100644 --- a/configure.ac +++ b/configure.ac @@ -524,6 +524,12 @@ else fi fi +AC_ARG_WITH(smack-run-label, +AS_HELP_STRING([--with-smack-run-label=STRING], + [run systemd --system with a specific SMACK label]), + [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run with a smack label])], + []) + if test "x${have_smack}" = xyes ; then AC_DEFINE(HAVE_SMACK, 1, [Define if SMACK is available]) fi diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c index 1434dea7c1..611bfdb2df 100644 --- a/src/core/smack-setup.c +++ b/src/core/smack-setup.c @@ -36,6 +36,7 @@ #include "macro.h" #include "smack-setup.h" #include "util.h" +#include "fileio.h" #include "log.h" #include "label.h" @@ -138,6 +139,13 @@ int smack_setup(void) { return 0; } +#ifdef SMACK_RUN_LABEL + r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL); + if (r) + log_warning("Failed to set SMACK label \"%s\" on self: %s", + SMACK_RUN_LABEL, strerror(-r)); +#endif + r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG); switch(r) { case -ENOENT: |