shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2024-11-07 01:27:11 +03:00
Code
17,460 Commits 3 Branches 391 Tags 549 MiB
c80d766c80
Commit Graph

8 Commits

Author SHA1 Message Date
Lennart Poettering
c80d766c80 mac: rename all calls that apply a label mac_{selinux|smack}_apply_xyz(), and all that reset it to defaults mac_{selinux|smack}_fix() 
Let's clean up the naming schemes a bit and use the same one for SMACK
and for SELINUX.
 2014-10-23 21:36:56 +02:00
Lennart Poettering
6baa7db008 mac: also rename use_{smack,selinux,apparmor}() calls so that they share the new mac_{smack,selinux,apparmor}_xyz() convention 2014-10-23 17:34:30 +02:00
WaLyong Cho
cc56fafeeb mac: rename apis with mac_{selinux/smack}_ prefix 2014-10-23 17:13:15 +02:00
WaLyong Cho
66b6d9d5b5 label: rearrange mandatory access control(MAC) apis 
move label apis to selinux-util.ch or smack-util.ch appropriately.
 2014-10-23 17:10:05 +02:00
Kay Sievers
d2edfae0f9 build-sys: use glibc's xattr support instead of requiring libattr 2014-05-28 17:36:40 +08:00
Kay Sievers
9a4e038c15 smack: minimize ifdef use, and move all labeling to smack-util.c 2013-10-11 10:16:41 +02:00
Lennart Poettering
d682b3a7e7 security: rework selinux, smack, ima, apparmor detection logic 
Always cache the results, and bypass low-level security calls when the
respective subsystem is not enabled.
 2013-10-10 16:35:44 +02:00
Auke Kok
8552b17660 Smack: Test if smack is enabled before mounting 
Since on most systems with xattr systemd will compile with Smack
support enabled, we still attempt to mount various fs's with
Smack-only options.

Before mounting any of these Smack-related filesystems with
Smack specific mount options, check if Smack is functionally
active on the running kernel.

If Smack is really enabled in the kernel, all these Smack mounts
are now *fatal*, as they should be.

We no longer mount smackfs if systemd was compiled without
Smack support. This makes it easier to make smackfs mount
failures a critical error when Smack is enabled.

We no longer mount these filesystems with their Smack specific
options inside containers. There these filesystems will be
mounted with there non-mount smack options for now.
 2013-10-09 15:06:17 -07:00