git.ipfire.org Git - thirdparty/systemd.git/commit

author	WaLyong Cho <walyong.cho@samsung.com>
	Mon, 8 Jun 2015 10:41:01 +0000 (19:41 +0900)
committer	WaLyong Cho <walyong.cho@samsung.com>
	Mon, 22 Jun 2015 14:44:09 +0000 (23:44 +0900)
commit	e174dce27173396ed8034c9cfda87eb210365126
tree	c9fe8b256c739a5e88866396f3a0132e90f3a7b6	tree \| snapshot
parent	6656aefb42385b468dd96867118d049f945cbf81	commit \| diff

smack: add default smack process label config

Similar to SmackProcessLabel=, if this configuration is set, systemd
executes processes with given SMACK label. If unit has
SmackProcessLabel=, this config is overwritten.
But, do NOT be confused with SMACK64EXEC of execute file. This default
execute process label(and also label which is set by
SmackProcessLabel=) is set fork-ed process SMACK subject label and
used to access the execute file.
If the execution file has also SMACK64EXEC, finally executed process
has SMACK64EXEC subject.
While if the execution file has no SMACK64EXEC, the executed process
has label of this config(or label which is set by
SmackProcessLabel=). Because if execution file has no SMACK64EXEC then
excuted process inherits label from caller process(in this case, the
caller is systemd).

configure.ac		diff \| blob \| blame \| history
src/core/execute.c		diff \| blob \| blame \| history