From 1fab0cbafcb67cff912d0e45de9677135550f924 Mon Sep 17 00:00:00 2001
From: Sangjung Woo <sangjung.woo@samsung.com>
Date: Thu, 10 Sep 2015 21:52:39 +0900
Subject: smack: label /etc/mtab as "_" when '--with-smack-run-label' is
 enabled.

/etc/mtab should be labeled as "_", even though systemd has its own
smack label using '--with-smack-run-label' configuration. This is mainly
because all processes could read that file and the origin of this file
(i.e. /proc/mounts) is labeled as "_". This labels /etc/mtab as "_" when
'--with-smack-run-label' is enabled.
---
 tmpfiles.d/etc.conf.m4 | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'tmpfiles.d/etc.conf.m4')

diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
index e74b02687f..ef7b9b9541 100644
--- a/tmpfiles.d/etc.conf.m4
+++ b/tmpfiles.d/etc.conf.m4
@@ -10,6 +10,9 @@
 L /etc/os-release - - - - ../usr/lib/os-release
 L /etc/localtime - - - - ../usr/share/zoneinfo/UTC
 L+ /etc/mtab - - - - ../proc/self/mounts
+m4_ifdef(`HAVE_SMACK_RUN_LABEL',
+t /etc/mtab - - - - security.SMACK64=_
+)m4_dnl
 m4_ifdef(`ENABLE_RESOLVED',
 L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
 )m4_dnl
-- 
cgit v1.2.3-54-g00ecf