From 1fab0cbafcb67cff912d0e45de9677135550f924 Mon Sep 17 00:00:00 2001 From: Sangjung Woo Date: Thu, 10 Sep 2015 21:52:39 +0900 Subject: smack: label /etc/mtab as "_" when '--with-smack-run-label' is enabled. /etc/mtab should be labeled as "_", even though systemd has its own smack label using '--with-smack-run-label' configuration. This is mainly because all processes could read that file and the origin of this file (i.e. /proc/mounts) is labeled as "_". This labels /etc/mtab as "_" when '--with-smack-run-label' is enabled. --- configure.ac | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 2024939ad0..aad6782e08 100644 --- a/configure.ac +++ b/configure.ac @@ -657,12 +657,17 @@ if test "x${have_smack}" = xauto; then have_smack=yes fi +have_smack_run_label=no AC_ARG_WITH(smack-run-label, AS_HELP_STRING([--with-smack-run-label=STRING], [run systemd --system itself with a specific SMACK label]), - [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run systemd itself with SMACK label])], + [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run systemd itself with SMACK label]) have_smack_run_label=yes], []) +if test "x${have_smack_run_label}" = xyes; then + M4_DEFINES="$M4_DEFINES -DHAVE_SMACK_RUN_LABEL" +fi + AC_ARG_WITH(smack-default-process-label, AS_HELP_STRING([--with-smack-default-process-label=STRING], [default SMACK label for executed processes]), -- cgit v1.2.3-54-g00ecf