Merge pull request #1238 from again4you/devel/fix_smack_mtab

smack: label /etc/mtab as "_" when '--with-smack-run-label' is enabled.
2024-12-26 03:22:00 +03:00 · 2015-09-10 16:36:07 +02:00 · 2015-09-10 16:36:07 +02:00 · 78e28c98e9
commit 78e28c98e9
parent f33be31198 1fab0cbafc
2 changed files with 9 additions and 1 deletions
--- a/configure.ac
+++ b/configure.ac
@ -657,12 +657,17 @@ if test "x${have_smack}" = xauto; then
        have_smack=yes
 fi

+have_smack_run_label=no
 AC_ARG_WITH(smack-run-label,
 AS_HELP_STRING([--with-smack-run-label=STRING],
        [run systemd --system itself with a specific SMACK label]),
-        [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run systemd itself with SMACK label])],
+        [AC_DEFINE_UNQUOTED(SMACK_RUN_LABEL, ["$withval"], [Run systemd itself with SMACK label]) have_smack_run_label=yes],
        [])

+if test "x${have_smack_run_label}" = xyes; then
+        M4_DEFINES="$M4_DEFINES -DHAVE_SMACK_RUN_LABEL"
+fi
+
 AC_ARG_WITH(smack-default-process-label,
 AS_HELP_STRING([--with-smack-default-process-label=STRING],
        [default SMACK label for executed processes]),
--- a/tmpfiles.d/etc.conf.m4
+++ b/tmpfiles.d/etc.conf.m4
@ -10,6 +10,9 @@
 L /etc/os-release - - - - ../usr/lib/os-release
 L /etc/localtime - - - - ../usr/share/zoneinfo/UTC
 L+ /etc/mtab - - - - ../proc/self/mounts
+m4_ifdef(`HAVE_SMACK_RUN_LABEL',
+t /etc/mtab - - - - security.SMACK64=_
+)m4_dnl
 m4_ifdef(`ENABLE_RESOLVED',
 L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
 )m4_dnl