author: Sangjung Woo <sangjung.woo@samsung.com> 2015-09-10 14:52:39 +0200
committer: Sangjung Woo <sangjung.woo@samsung.com> 2015-09-10 14:52:39 +0200
commit: 1fab0cbafcb67cff912d0e45de9677135550f924
tree: c46bdad54e89e59ae0d7b33decb3e3db8f970303 /tmpfiles.d
parent: Merge pull request #1226 from poettering/coccinelle-fixes3
smack: label /etc/mtab as "_" when '--with-smack-run-label' is enabled.
/etc/mtab should be labeled as "_", even though systemd has its own smack label using '--with-smack-run-label' configuration. This is mainly because all processes could read that file and the origin of this file (i.e. /proc/mounts) is labeled as "_". This labels /etc/mtab as "_" when '--with-smack-run-label' is enabled.
Diffstat (limited to 'tmpfiles.d')
-rw-r--r-- tmpfiles.d/etc.conf.m4 3
1 files changed, 3 insertions, 0 deletions
diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
index e74b02687f..ef7b9b9541 100644
--- a/tmpfiles.d/etc.conf.m4
+++ b/tmpfiles.d/etc.conf.m4
@@ -10,6 +10,9 @@
L /etc/os-release - - - - ../usr/lib/os-release
L /etc/localtime - - - - ../usr/share/zoneinfo/UTC
L+ /etc/mtab - - - - ../proc/self/mounts
+m4_ifdef(`HAVE_SMACK_RUN_LABEL',
+t /etc/mtab - - - - security.SMACK64=_
+)m4_dnl
m4_ifdef(`ENABLE_RESOLVED',
L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
)m4_dnl
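Review bot: the new `t /etc/mtab - - - - security.SMACK64=_` line carries no comment, and the path it labels is the symlink created by `L+ /etc/mtab - - - - ../proc/self/mounts` directly above it, so a reader of etc.conf.m4 cannot tell whether the "_" label is meant for the link itself or for its target. Please add a short comment inside the `m4_ifdef` block giving the rationale that currently lives only in the commit message (every process must be able to read /etc/mtab, and /proc/mounts is already labeled "_"), and state which object the attribute is expected to land on. The `t` line also depends on being ordered after the `L+` line that creates the path; noting that in the same comment would keep a later reordering of this file from silently dropping the label.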