to 0755.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><varname>SmackFileSystemRoot=</varname></term>
+ <listitem><para>Takes a string for the smack label.
+ This option specifies the label to assign the root of the
+ file system if it lacks the Smack extended attribute.
+ Note that this option will be ignored if kernel does not
+ support the Smack feature.
+ See <ulink
+ url="https://www.kernel.org/doc/Documentation/security/Smack.txt">Smack.txt</ulink>
+ for details. </para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><varname>TimeoutSec=</varname></term>
<listitem><para>Configures the time to wait for the mount
SD_BUS_PROPERTY("ControlPID", "u", bus_property_get_pid, offsetof(Mount, control_pid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
SD_BUS_PROPERTY("DirectoryMode", "u", bus_property_get_mode, offsetof(Mount, directory_mode), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("SloppyOptions", "b", bus_property_get_bool, offsetof(Mount, sloppy_options), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("SmackFileSystemRoot", "s", NULL, offsetof(Mount, smack_fs_root), SD_BUS_VTABLE_PROPERTY_CONST),
SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Mount, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
BUS_EXEC_COMMAND_VTABLE("ExecMount", offsetof(Mount, exec_command[MOUNT_EXEC_MOUNT]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
BUS_EXEC_COMMAND_VTABLE("ExecUnmount", offsetof(Mount, exec_command[MOUNT_EXEC_UNMOUNT]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
Mount.TimeoutSec, config_parse_sec, 0, offsetof(Mount, timeout_usec)
Mount.DirectoryMode, config_parse_mode, 0, offsetof(Mount, directory_mode)
Mount.SloppyOptions, config_parse_bool, 0, offsetof(Mount, sloppy_options)
+Mount.SmackFileSystemRoot, config_parse_string, 0, offsetof(Mount, smack_fs_root)
EXEC_CONTEXT_CONFIG_ITEMS(Mount)m4_dnl
CGROUP_CONTEXT_CONFIG_ITEMS(Mount)m4_dnl
KILL_CONTEXT_CONFIG_ITEMS(Mount)m4_dnl
#include "exit-status.h"
#include "fstab-util.h"
#include "formats-util.h"
+#include "smack-util.h"
#define RETRY_UMOUNT_MAX 32
assert(m);
m->where = mfree(m->where);
+ m->smack_fs_root = mfree(m->smack_fs_root);
mount_parameters_done(&m->parameters_proc_self_mountinfo);
mount_parameters_done(&m->parameters_fragment);
"%sOptions: %s\n"
"%sFrom /proc/self/mountinfo: %s\n"
"%sFrom fragment: %s\n"
- "%sDirectoryMode: %04o\n",
+ "%sDirectoryMode: %04o\n"
+ "%sSmackFileSystemRoot: %s\n",
prefix, mount_state_to_string(m->state),
prefix, mount_result_to_string(m->result),
prefix, m->where,
prefix, p ? strna(p->options) : "n/a",
prefix, yes_no(m->from_proc_self_mountinfo),
prefix, yes_no(m->from_fragment),
- prefix, m->directory_mode);
+ prefix, m->directory_mode,
+ prefix, strna(m->smack_fs_root));
if (m->control_pid > 0)
fprintf(f,
mount_enter_mounted(m, MOUNT_FAILURE_RESOURCES);
}
+static int mount_get_opts(Mount *m, char **_opts) {
+ int r;
+ char *o = NULL, *opts = NULL;
+
+ r = fstab_filter_options(m->parameters_fragment.options,
+ "nofail\0" "noauto\0" "auto\0", NULL, NULL, &o);
+ if (r < 0)
+ return r;
+
+ if (mac_smack_use() && m->smack_fs_root) {
+ if (!isempty(o)) {
+ opts = strjoin(o, ",", "smackfsroot=", m->smack_fs_root, NULL);
+ free(o);
+ } else
+ opts = strjoin("smackfsroot=", m->smack_fs_root, NULL);
+
+ if (!opts)
+ return -ENOMEM;
+ } else
+ opts = o;
+
+ *_opts = opts;
+ return 0;
+}
+
static void mount_enter_mounting(Mount *m) {
int r;
MountParameters *p;
if (m->from_fragment) {
_cleanup_free_ char *opts = NULL;
- r = fstab_filter_options(m->parameters_fragment.options,
- "nofail\0" "noauto\0" "auto\0", NULL, NULL, &opts);
+ r = mount_get_opts(m, &opts);
if (r < 0)
goto fail;
bool reset_cpu_usage:1;
bool sloppy_options;
+ char *smack_fs_root;
MountResult result;
MountResult reload_result;
projects / thirdparty / systemd.git / commitdiff
