From 8b197c3a8a57c3f7c231b39e5660856fd9580c80 Mon Sep 17 00:00:00 2001
From: Auke Kok
Date: Wed, 25 Sep 2013 15:49:42 -0700
Subject: Run with a custom SMACK domain (label).

Allows the systemd --system process to change its current SMACK label to a predefined custom label (usually "system") at boot time. This is needed to have a few system-generated folders and sockets automatically be created with the right SMACK label. Without that, processes either cannot communicate with systemd or systemd fails to perform some actions.
---
 src/core/smack-setup.c | 8 ++++++++
 1 file changed, 8 insertions(+)
(limited to 'src/core/smack-setup.c')

diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index 1434dea7c1..611bfdb2df 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -36,6 +36,7 @@
 #include "macro.h"
 #include "smack-setup.h"
 #include "util.h"
+#include "fileio.h"
 #include "log.h"
 #include "label.h"
@@ -138,6 +139,13 @@ int smack_setup(void) {
 return 0;
 }
+#ifdef SMACK_RUN_LABEL
+ r = write_string_file("/proc/self/attr/current", SMACK_RUN_LABEL);
+ if (r)
+ log_warning("Failed to set SMACK label \"%s\" on self: %s",
+ SMACK_RUN_LABEL, strerror(-r));
+#endif
+
 r = write_rules("/sys/fs/smackfs/cipso2", CIPSO_CONFIG);
 switch(r) {
 case -ENOENT:
--
cgit v1.2.3-54-g00ecf
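Review bot: In the `#ifdef SMACK_RUN_LABEL` block, a failed write to `/proc/self/attr/current` is only logged, and `r` is then overwritten by the following `write_rules()` call, so the caller of smack_setup() never learns that the relabel failed. Going by the commit message, that leaves systemd creating its directories and sockets under the wrong label, which is the state this patch is meant to prevent. I would report it with `log_error` and put a comment above the write saying that continuing is deliberate, e.g. `/* Best effort: on failure PID 1 keeps its boot-time label for everything it creates afterwards. */`. The check should also follow the negative-errno convention that `strerror(-r)` already assumes: `if (r < 0)`. smack_setup() starts and ends outside this hunk, so whether a later path could still propagate the error is not visible here.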