From 409c2a13fd65692c611b7bcaba12e908ef7cf1e5 Mon Sep 17 00:00:00 2001
From: Sangjung Woo
Date: Wed, 14 Oct 2015 15:57:47 +0900
Subject: units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled

If SMACK is enabled, 'smackfsroot=*' option should be specified in tmp.mount file since many non-root processes use /tmp for temporary usage. If not, /tmp is labeled as '_' and smack denial occurs when writing.
---
 Makefile.am | 3 ++-
 units/tmp.mount | 21 ---------------------
 units/tmp.mount.m4 | 23 +++++++++++++++++++++++
 3 files changed, 25 insertions(+), 22 deletions(-)
 delete mode 100644 units/tmp.mount
 create mode 100644 units/tmp.mount.m4

diff --git a/Makefile.am b/Makefile.am
index 8646e55450..889c03955a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -616,7 +616,8 @@ EXTRA_DIST += \
 units/initrd-udevadm-cleanup-db.service.in \
 units/initrd-switch-root.service.in \
 units/systemd-nspawn@.service.in \
- units/systemd-update-done.service.in
+ units/systemd-update-done.service.in \
+ units/tmp.mount.m4
 if HAVE_SYSV_COMPAT
 nodist_systemunit_DATA += \
diff --git a/units/tmp.mount b/units/tmp.mount
deleted file mode 100644
index 00a0d28722..0000000000
--- a/units/tmp.mount
+++ /dev/null
@@ -1,21 +0,0 @@
-# This file is part of systemd.
-#
-# systemd is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as published by
-# the Free Software Foundation; either version 2.1 of the License, or
-# (at your option) any later version.
-
-[Unit]
-Description=Temporary Directory
-Documentation=man:hier(7)
-Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
-ConditionPathIsSymbolicLink=!/tmp
-DefaultDependencies=no
-Conflicts=umount.target
-Before=local-fs.target umount.target
-
-[Mount]
-What=tmpfs
-Where=/tmp
-Type=tmpfs
-Options=mode=1777,strictatime
diff --git a/units/tmp.mount.m4 b/units/tmp.mount.m4
new file mode 100644
index 0000000000..d537746dbf
--- /dev/null
+++ b/units/tmp.mount.m4
@@ -0,0 +1,23 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Temporary Directory
+Documentation=man:hier(7)
+Documentation=http://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+ConditionPathIsSymbolicLink=!/tmp
+DefaultDependencies=no
+Conflicts=umount.target
+Before=local-fs.target umount.target
+
+[Mount]
+What=tmpfs
+Where=/tmp
+Type=tmpfs
+m4_ifdef(`HAVE_SMACK',
+`Options=mode=1777,strictatime,smackfsroot=*',
+`Options=mode=1777,strictatime')
-- cgit v1.2.3-54-g00ecf
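Review bot: The `smackfsroot=*` option in the `HAVE_SMACK` branch of the `m4_ifdef` in the `[Mount]` section is chosen at build time, so every machine running a SMACK-enabled build gets it whether or not the booted kernel actually has Smack active. As far as I know the `smackfs*` mount options are consumed by the Smack LSM itself; without it the string would presumably reach tmpfs as an unknown option and the /tmp mount could be rejected, so this should be tested on a non-Smack kernel or gated on a runtime check rather than only a compile-time one. The unit also gives no reason for the option, and since `*` is the label every Smack subject may access, the intent belongs next to it, for example `# smackfsroot=*: label the /tmp root '*' so non-root Smack subjects can write here (otherwise it is labeled '_')`.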