-rw-r--r-- | Makefile.am | 4 | ||||
-rw-r--r-- | src/core/mount-setup.c | 9 | ||||
-rw-r--r-- | src/shared/smack-util.c | 36 | ||||
-rw-r--r-- | src/shared/smack-util.h | 28 |
4 files changed, 72 insertions, 5 deletions
diff --git a/Makefile.am b/Makefile.am
index 31dde6f03f..1458697c05 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -723,7 +723,9 @@ libsystemd_shared_la_SOURCES = \
 src/shared/boot-timestamps.c \
 src/shared/refcnt.h \
 src/shared/mkdir.c \
- src/shared/mkdir.h
+ src/shared/mkdir.h \
+ src/shared/smack-util.c \
+ src/shared/smack-util.h
 
 #-------------------------------------------------------------------------------
 noinst_LTLIBRARIES += \
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index 7845e88644..73c2698ea3 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -42,6 +42,7 @@
 #include "missing.h"
 #include "virt.h"
 #include "efivars.h"
+#include "smack-util.h"
 
 #ifndef TTY_GID
 #define TTY_GID 5
@@ -77,11 +78,11 @@ static const MountPoint mount_table[] = {
 NULL, MNT_FATAL|MNT_IN_CONTAINER },
 { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
 NULL, MNT_NONE },
- { "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
- NULL, MNT_NONE },
 #ifdef HAVE_SMACK
+ { "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME,
+ use_smack, MNT_FATAL },
 { "tmpfs", "/dev/shm", "tmpfs", "mode=1777,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
- NULL, MNT_IN_CONTAINER },
+ use_smack, MNT_FATAL },
 #endif
 { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
 NULL, MNT_FATAL|MNT_IN_CONTAINER },
@@ -89,7 +90,7 @@ static const MountPoint mount_table[] = {
 NULL, MNT_IN_CONTAINER },
 #ifdef HAVE_SMACK
 { "tmpfs", "/run", "tmpfs", "mode=755,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
- NULL, MNT_IN_CONTAINER },
+ use_smack, MNT_FATAL },
 #endif
 { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
 NULL, MNT_FATAL|MNT_IN_CONTAINER },
diff --git a/src/shared/smack-util.c b/src/shared/smack-util.c
new file mode 100644
index 0000000000..a73eaac6de
--- /dev/null
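Review bot: The SMACK variants of the tmpfs entries for `/dev/shm` (hunk at -77) and `/run` (hunk at -89) drop `MNT_IN_CONTAINER` when they gain `use_smack, MNT_FATAL`, and nothing in the table says whether that is deliberate. If the mount loop skips entries that lack this flag when running in a container (the loop is outside these hunks, so this is inferred), a container on a SMACK-enabled host falls through to the plain `mode=1777` / `mode=755` entries and gets a tmpfs without `smackfsroot=*`. If that is the intent, record it next to the entries, e.g. `/* SMACK variants are host-only; in a container the unlabelled entry below is used */`; if not, the mode should be `MNT_FATAL|MNT_IN_CONTAINER`. mount_table begins and ends outside both hunks.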
+++ b/src/shared/smack-util.c
@@ -0,0 +1,36 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+/***
+ This file is part of systemd.
+
+ Copyright 2013 Intel Corporation
+
+ Author: Auke Kok <auke-jan.h.kok@intel.com>
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include "smack-util.h"
+
+#include <unistd.h>
+
+static int use_smack_cached = -1;
+
+bool use_smack(void) {
+
+ if (use_smack_cached < 0)
+ use_smack_cached = (access("/sys/fs/smackfs", F_OK) >= 0);
+
+ return use_smack_cached;
+}
diff --git a/src/shared/smack-util.h b/src/shared/smack-util.h
new file mode 100644
index 0000000000..7b950ea0cb
--- /dev/null
+++ b/src/shared/smack-util.h
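Review bot: `use_smack()` maps every `access()` failure to "SMACK absent" and then caches that answer in `use_smack_cached` for the life of the process. Because the mount table in this commit gates the smackfs mount and the `smackfsroot=*` tmpfs mounts on it, a first call made before `/sys` is mounted, or one that fails for a reason other than a missing path, would leave those entries skipped on every later check as well. The function carries no comment stating this ordering requirement or what is actually tested; I would add one above it, `/* Result is cached after the first call, so call only once /sys is mounted. Tests that the smackfs mount point exists, not that a policy is loaded. */`, and put the same contract on the prototype in smack-util.h.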
@@ -0,0 +1,28 @@
+/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
+
+#pragma once
+
+/***
+ This file is part of systemd.
+
+ Copyright 2013 Intel Corporation
+
+ Author: Auke Kok <auke-jan.h.kok@intel.com>
+
+ systemd is free software; you can redistribute it and/or modify it
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
+ (at your option) any later version.
+
+ systemd is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with systemd; If not, see <http://www.gnu.org/licenses/>.
+***/
+
+#include <stdbool.h>
+
+bool use_smack(void);
|