diff options
author | Sangjung Woo <sangjung.woo@samsung.com> | 2015-09-10 14:52:39 +0200 |
---|---|---|
committer | Sangjung Woo <sangjung.woo@samsung.com> | 2015-09-10 14:52:39 +0200 |
commit | 1fab0cbafcb67cff912d0e45de9677135550f924 (patch) | |
tree | c46bdad54e89e59ae0d7b33decb3e3db8f970303 /tmpfiles.d | |
parent | Merge pull request #1226 from poettering/coccinelle-fixes3 (diff) | |
download | systemd-1fab0cbafcb67cff912d0e45de9677135550f924.tar.xz systemd-1fab0cbafcb67cff912d0e45de9677135550f924.zip |
smack: label /etc/mtab as "_" when '--with-smack-run-label' is enabled.
/etc/mtab should be labeled as "_", even though systemd has its own
smack label using '--with-smack-run-label' configuration. This is mainly
because all processes could read that file and the origin of this file
(i.e. /proc/mounts) is labeled as "_". This labels /etc/mtab as "_" when
'--with-smack-run-label' is enabled.
Diffstat (limited to 'tmpfiles.d')
-rw-r--r-- | tmpfiles.d/etc.conf.m4 | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 index e74b02687f..ef7b9b9541 100644 --- a/tmpfiles.d/etc.conf.m4 +++ b/tmpfiles.d/etc.conf.m4 @@ -10,6 +10,9 @@ L /etc/os-release - - - - ../usr/lib/os-release L /etc/localtime - - - - ../usr/share/zoneinfo/UTC L+ /etc/mtab - - - - ../proc/self/mounts +m4_ifdef(`HAVE_SMACK_RUN_LABEL', +t /etc/mtab - - - - security.SMACK64=_ +)m4_dnl m4_ifdef(`ENABLE_RESOLVED', L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf )m4_dnl |