From c02e7b1ecc7d88f6529ca3d1d231536300991a02 Mon Sep 17 00:00:00 2001
From: Sangjung Woo <sangjung.woo@samsung.com>
Date: Tue, 6 Oct 2015 19:08:16 +0900
Subject: smack: label /etc/passwd and friends as '_' smack label when
 --with-smack-run-label' is enabled

systemd-sysusers.service unit creates system users and groups and it
could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow.
Those files should have '_' smack label because of accessibility.

However, if systemd has its own smack label using '--with-smack-run-label'
configuration, systemd-sysusers process spawned by systemd(pid:1) has
its parent smack label and eventually updated files also is set as its
parent smack label.

This patch fixes that bug by labeling updated files as '_' smack label
when --with-smack-run-label' is enabled.
---
 src/basic/smack-util.c | 3 ---
 1 file changed, 3 deletions(-)

(limited to 'src/basic/smack-util.c')

diff --git a/src/basic/smack-util.c b/src/basic/smack-util.c
index 9e221d6eab..5f570ff02a 100644
--- a/src/basic/smack-util.c
+++ b/src/basic/smack-util.c
@@ -29,9 +29,6 @@
 #include "fileio.h"
 #include "smack-util.h"
 
-#define SMACK_FLOOR_LABEL "_"
-#define SMACK_STAR_LABEL  "*"
-
 #ifdef HAVE_SMACK
 bool mac_smack_use(void) {
         static int cached_use = -1;
-- 
cgit v1.2.3-54-g00ecf