6 files changed, 34 insertions, 8 deletions

diff --git a/src/basic/smack-util.c b/src/basic/smack-util.c
index 6d5c205117..9e221d6eab 100644
--- a/src/basic/smack-util.c
+++ b/src/basic/smack-util.c
@@ -185,6 +185,23 @@ int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
         return r;
 }
 
+int mac_smack_copy(const char *dest, const char *src) {
+        int r = 0;
+        _cleanup_free_ char *label = NULL;
+
+        assert(dest);
+        assert(src);
+
+        r = mac_smack_read(src, SMACK_ATTR_ACCESS, &label);
+        if (r < 0)
+                return r;
+
+        r = mac_smack_apply(dest, SMACK_ATTR_ACCESS, label);
+        if (r < 0)
+                return r;
+
+        return r;
+}
 
 #else
 bool mac_smack_use(void) {
@@ -214,4 +231,8 @@ int mac_smack_apply_pid(pid_t pid, const char *label) {
 int mac_smack_fix(const char *path, bool ignore_enoent, bool ignore_erofs) {
         return 0;
 }
+
+int mac_smack_copy(const char *dest, const char *src) {
+        return 0;
+}
 #endif
diff --git a/src/basic/smack-util.h b/src/basic/smack-util.h
index 1052cecf4c..b3aa55eb8a 100644
--- a/src/basic/smack-util.h
+++ b/src/basic/smack-util.h
@@ -48,5 +48,5 @@ int mac_smack_read(const char *path, SmackAttr attr, char **label);
 int mac_smack_read_fd(int fd, SmackAttr attr, char **label);
 int mac_smack_apply(const char *path, SmackAttr attr, const char *label);
 int mac_smack_apply_fd(int fd, SmackAttr attr, const char *label);
-
 int mac_smack_apply_pid(pid_t pid, const char *label);
+int mac_smack_copy(const char *dest, const char *src);
diff --git a/src/core/main.c b/src/core/main.c
index 8cf1bebc67..48b5057a85 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1118,9 +1118,10 @@ static void test_mtab(void) {
         if (r >= 0 && nulstr_contains(ok, p))
                 return;
 
-        log_warning("/etc/mtab is not a symlink or not pointing to /proc/self/mounts. "
-                    "This is not supported anymore. "
-                    "Please make sure to replace this file by a symlink to avoid incorrect or misleading mount(8) output.");
+        log_error("/etc/mtab is not a symlink or not pointing to /proc/self/mounts. "
+                  "This is not supported anymore. "
+                  "Please make sure to replace this file by a symlink to avoid incorrect or misleading mount(8) output.");
+        freeze();
 }
 
 static void test_usr(void) {
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index e84f80b61b..65f3d06ad0 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -303,6 +303,11 @@ int mount_cgroup_controllers(char ***join_controllers) {
                                 r = symlink(options, t);
                                 if (r < 0 && errno != EEXIST)
                                         return log_error_errno(errno, "Failed to create symlink %s: %m", t);
+#ifdef SMACK_RUN_LABEL
+                                r = mac_smack_copy(t, options);
+                                if (r < 0 && r != -EOPNOTSUPP)
+                                        return log_error_errno(r, "Failed to copy smack label from %s to %s: %m", options, t);
+#endif
                         }
                 }
         }
diff --git a/src/libsystemd/sd-bus/sd-bus.c b/src/libsystemd/sd-bus/sd-bus.c
index 2ac4b9be8e..25fd3b5c52 100644
--- a/src/libsystemd/sd-bus/sd-bus.c
+++ b/src/libsystemd/sd-bus/sd-bus.c
@@ -1023,7 +1023,6 @@ static int bus_start_address(sd_bus *b) {
 
                 if (b->exec_path)
                         r = bus_socket_exec(b);
-
                 else if ((b->nspid > 0 || b->machine) && b->kernel) {
                         r = bus_container_connect_kernel(b);
                         if (r < 0 && !IN_SET(r, -ENOENT, -ESOCKTNOSUPPORT))
@@ -1045,7 +1044,6 @@ static int bus_start_address(sd_bus *b) {
                                 r = bus_socket_connect(b);
                         else
                                 skipped = true;
-
                 } else
                         skipped = true;
 
diff --git a/src/libsystemd/sd-daemon/sd-daemon.c b/src/libsystemd/sd-daemon/sd-daemon.c
index d230a48daf..9ec73406c6 100644
--- a/src/libsystemd/sd-daemon/sd-daemon.c
+++ b/src/libsystemd/sd-daemon/sd-daemon.c
@@ -395,8 +395,9 @@ _public_ int sd_pid_notify_with_fds(pid_t pid, int unset_environment, const char
         have_pid = pid != 0 && pid != getpid();
 
         if (n_fds > 0 || have_pid) {
-                msghdr.msg_controllen = CMSG_SPACE(sizeof(int) * n_fds) +
-                                        CMSG_SPACE(sizeof(struct ucred) * have_pid);
+                /* CMSG_SPACE(0) may return value different then zero, which results in miscalculated controllen. */
+                msghdr.msg_controllen = (n_fds ? CMSG_SPACE(sizeof(int) * n_fds) : 0) +
+                                        CMSG_SPACE(sizeof(struct ucred)) * have_pid;
                 msghdr.msg_control = alloca(msghdr.msg_controllen);
 
                 cmsg = CMSG_FIRSTHDR(&msghdr);