git.ipfire.org Git - thirdparty/systemd.git/commit

author	WaLyong Cho <walyong.cho@samsung.com>
	Mon, 24 Nov 2014 11:46:20 +0000 (20:46 +0900)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Mon, 24 Nov 2014 15:20:53 +0000 (10:20 -0500)
commit	2ca620c4ed28c01f285d869d0b22f22a360957da
tree	b4807e97bf97f36c5b28fbe84c96a34864e6b972	tree \| snapshot
parent	8086ffacdb1bfec5ec115d24626538bda6cc372e	commit \| diff

smack: introduce new SmackProcessLabel option

In service file, if the file has some of special SMACK label in
ExecStart= and systemd has no permission for the special SMACK label
then permission error will occurred. To resolve this, systemd should
be able to set its SMACK label to something accessible of ExecStart=.
So introduce new SmackProcessLabel. If label is specified with
SmackProcessLabel= then the child systemd will set its label to
that. To successfully execute the ExecStart=, accessible label should
be specified with SmackProcessLabel=.
Additionally, by SMACK policy, if the file in ExecStart= has no
SMACK64EXEC then the executed process will have given label by
SmackProcessLabel=. But if the file has SMACK64EXEC then the
SMACK64EXEC label will be overridden.

[zj: reword man page]

man/systemd.exec.xml		diff \| blob \| blame \| history
src/core/dbus-execute.c		diff \| blob \| blame \| history
src/core/execute.c		diff \| blob \| blame \| history
src/core/execute.h		diff \| blob \| blame \| history
src/core/load-fragment-gperf.gperf.m4		diff \| blob \| blame \| history
src/core/load-fragment.c		diff \| blob \| blame \| history
src/core/load-fragment.h		diff \| blob \| blame \| history
src/shared/exit-status.h		diff \| blob \| blame \| history
src/shared/smack-util.c		diff \| blob \| blame \| history
src/shared/smack-util.h		diff \| blob \| blame \| history