Same justification as for HAVE_UTMP.
['efi', 'ENABLE_EFI'],
['tpm', 'ENABLE_TPM'],
['ima', 'ENABLE_IMA'],
- ['smack', 'HAVE_SMACK'],
+ ['smack', 'ENABLE_SMACK'],
['gshadow', 'ENABLE_GSHADOW'],
['idn', 'ENABLE_IDN'],
['nss-systemd', 'ENABLE_NSS_SYSTEMD'],
#define _IMA_FEATURE_ "-IMA"
#endif
-#if HAVE_SMACK
+#if ENABLE_SMACK
#define _SMACK_FEATURE_ "+SMACK"
#else
#define _SMACK_FEATURE_ "-SMACK"
#include "string-table.h"
#include "xattr-util.h"
-#if HAVE_SMACK
+#if ENABLE_SMACK
bool mac_smack_use(void) {
static int cached_use = -1;
#if HAVE_SELINUX
bool use_selinux = false;
#endif
-#if HAVE_SMACK
+#if ENABLE_SMACK
bool use_smack = false;
#endif
#if HAVE_APPARMOR
#if HAVE_SELINUX
use_selinux = mac_selinux_use();
#endif
-#if HAVE_SMACK
+#if ENABLE_SMACK
use_smack = mac_smack_use();
#endif
#if HAVE_APPARMOR
}
#endif
-#if HAVE_SMACK
+#if ENABLE_SMACK
if (use_smack) {
r = setup_smack(context, command);
if (r < 0) {
m4_ifdef(`HAVE_APPARMOR',
`$1.AppArmorProfile, config_parse_exec_apparmor_profile, 0, offsetof($1, exec_context)',
`$1.AppArmorProfile, config_parse_warn_compat, DISABLED_CONFIGURATION, 0')
-m4_ifdef(`HAVE_SMACK',
+m4_ifdef(`ENABLE_SMACK',
`$1.SmackProcessLabel, config_parse_exec_smack_process_label, 0, offsetof($1, exec_context)',
`$1.SmackProcessLabel, config_parse_warn_compat, DISABLED_CONFIGURATION, 0')'
)m4_dnl
Socket.Service, config_parse_socket_service, 0, 0
Socket.TriggerLimitIntervalSec, config_parse_sec, 0, offsetof(Socket, trigger_limit.interval)
Socket.TriggerLimitBurst, config_parse_unsigned, 0, offsetof(Socket, trigger_limit.burst)
-m4_ifdef(`HAVE_SMACK',
+m4_ifdef(`ENABLE_SMACK',
`Socket.SmackLabel, config_parse_unit_string_printf, 0, offsetof(Socket, smack)
Socket.SmackLabelIPIn, config_parse_unit_string_printf, 0, offsetof(Socket, smack_ip_in)
Socket.SmackLabelIPOut, config_parse_unit_string_printf, 0, offsetof(Socket, smack_ip_out)',
const ConfigParserCallback callback;
const char *rvalue;
} table[] = {
-#if !HAVE_SYSV_COMPAT || !HAVE_SECCOMP || !HAVE_PAM || !HAVE_SELINUX || !HAVE_SMACK || !HAVE_APPARMOR
+#if !HAVE_SYSV_COMPAT || !HAVE_SECCOMP || !HAVE_PAM || !HAVE_SELINUX || !ENABLE_SMACK || !HAVE_APPARMOR
{ config_parse_warn_compat, "NOTSUPPORTED" },
#endif
{ config_parse_int, "INTEGER" },
* fourth (securityfs) is needed by IMA to load a custom policy. The
* other ones we can delay until SELinux and IMA are loaded. When
* SMACK is enabled we need smackfs, too, so it's a fifth one. */
-#if HAVE_SMACK
+#if ENABLE_SMACK
#define N_EARLY_MOUNT 5
#else
#define N_EARLY_MOUNT 4
NULL, MNT_FATAL|MNT_IN_CONTAINER },
{ "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV,
NULL, MNT_NONE },
-#if HAVE_SMACK
+#if ENABLE_SMACK
{ "smackfs", "/sys/fs/smackfs", "smackfs", "smackfsdef=*", MS_NOSUID|MS_NOEXEC|MS_NODEV,
mac_smack_use, MNT_FATAL },
{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
NULL, MNT_FATAL|MNT_IN_CONTAINER },
{ "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC,
NULL, MNT_IN_CONTAINER },
-#if HAVE_SMACK
+#if ENABLE_SMACK
{ "tmpfs", "/run", "tmpfs", "mode=755,smackfsroot=*", MS_NOSUID|MS_NODEV|MS_STRICTATIME,
mac_smack_use, MNT_FATAL },
#endif
return 0;
}
-#if HAVE_SELINUX || HAVE_SMACK
+#if HAVE_SELINUX || ENABLE_SMACK
static int nftw_cb(
const char *fpath,
const struct stat *sb,
if (r < 0)
return r;
-#if HAVE_SELINUX || HAVE_SMACK
+#if HAVE_SELINUX || ENABLE_SMACK
/* Nodes in devtmpfs and /run need to be manually updated for
* the appropriate labels, after mounting. The other virtual
* API file systems like /sys and /proc do not need that, they
#include "string-util.h"
#include "util.h"
-#if HAVE_SMACK
+#if ENABLE_SMACK
static int write_access2_rules(const char* srcdir) {
_cleanup_close_ int load2_fd = -1, change_fd = -1;
int mac_smack_setup(bool *loaded_policy) {
-#if HAVE_SMACK
+#if ENABLE_SMACK
int r;