mirror of
https://github.com/systemd/systemd.git
synced 2024-10-27 18:55:40 +03:00
logind: mount per-user tmpfs with 'smackfsroot=*' for smack enabled systems
This commit is contained in:
parent
2134b5ef6b
commit
374738d55b
@ -37,6 +37,7 @@
|
||||
#include "conf-parser.h"
|
||||
#include "clean-ipc.h"
|
||||
#include "logind-user.h"
|
||||
#include "smack-util.h"
|
||||
|
||||
User* user_new(Manager *m, uid_t uid, gid_t gid, const char *name) {
|
||||
User *u;
|
||||
@ -325,7 +326,12 @@ static int user_mkdir_runtime_path(User *u) {
|
||||
|
||||
mkdir(p, 0700);
|
||||
|
||||
if (asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size) < 0) {
|
||||
if (use_smack())
|
||||
r = asprintf(&t, "mode=0700,smackfsroot=*,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
|
||||
else
|
||||
r = asprintf(&t, "mode=0700,uid=" UID_FMT ",gid=" GID_FMT ",size=%zu", u->uid, u->gid, u->manager->runtime_dir_size);
|
||||
|
||||
if (r < 0) {
|
||||
r = log_oom();
|
||||
goto fail;
|
||||
}
|
||||
|
@ -23,7 +23,7 @@ ExecStart=@rootlibexecdir@/systemd-logind
|
||||
Restart=always
|
||||
RestartSec=0
|
||||
BusName=org.freedesktop.login1
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_MAC_ADMIN CAP_AUDIT_CONTROL CAP_CHOWN CAP_KILL CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_FOWNER CAP_SYS_TTY_CONFIG
|
||||
WatchdogSec=1min
|
||||
|
||||
# Increase the default a bit in order to allow many simultaneous
|
||||
|
Loading…
Reference in New Issue
Block a user