| Age | Commit message (Collapse) | Author |
|---|
|
--with-smack-run-label' is enabled
systemd-sysusers.service unit creates system users and groups and it
could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow.
Those files should have '_' smack label because of accessibility.
However, if systemd has its own smack label using '--with-smack-run-label'
configuration, systemd-sysusers process spawned by systemd(pid:1) has
its parent smack label and eventually updated files also is set as its
parent smack label.
This patch fixes that bug by labeling updated files as '_' smack label
when --with-smack-run-label' is enabled.
|
|
This adds a new mac_smack_copy() function in order to read the smack
label from the source and apply it to the destination.
|
|
- Add smack xattr lookup table
- Unify all of mac_smack_apply_xxx{_fd}() to mac_smack_apply() and
mac_smack_apply_fd().
- Add smack xattr read apis similar with apply apis as
mac_smack_read{_fd}().
|
|
basic/ can be used by everything
cannot use anything outside of basic/
libsystemd/ can use basic/
cannot use shared/
shared/ can use libsystemd/
|
