git.ipfire.org Git - thirdparty/systemd.git/commit

author	Sangjung Woo <sangjung.woo@samsung.com>
	Tue, 6 Oct 2015 10:08:16 +0000 (19:08 +0900)
committer	Sangjung Woo <sangjung.woo@samsung.com>
	Wed, 7 Oct 2015 07:37:25 +0000 (16:37 +0900)
commit	c02e7b1ecc7d88f6529ca3d1d231536300991a02
tree	3ea3e71cbc54949ebec3b9f59bd0b2803ad51931	tree \| snapshot
parent	69b8a8ebaeaae13e82d44b386555921877bc0309	commit \| diff

smack: label /etc/passwd and friends as '_' smack label when --with-smack-run-label' is enabled

systemd-sysusers.service unit creates system users and groups and it
could update /etc/passwd, /etc/group, /etc/shadow and /etc/gshadow.
Those files should have '_' smack label because of accessibility.

However, if systemd has its own smack label using '--with-smack-run-label'
configuration, systemd-sysusers process spawned by systemd(pid:1) has
its parent smack label and eventually updated files also is set as its
parent smack label.

This patch fixes that bug by labeling updated files as '_' smack label
when --with-smack-run-label' is enabled.

src/basic/smack-util.c		diff \| blob \| blame \| history
src/basic/smack-util.h		diff \| blob \| blame \| history
src/sysusers/sysusers.c		diff \| blob \| blame \| history