From: Sangjung Woo Date: Wed, 21 Oct 2015 08:42:34 +0000 (+0900) Subject: mount: add new SmackFileSystemRoot= setting for mount unit X-Git-Tag: v228~157^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=46a01abae985024572ec860bd02ca7f1fe458096;p=thirdparty%2Fsystemd.git mount: add new SmackFileSystemRoot= setting for mount unit This option specifies the label to assign the root of the file system if it lacks the Smack extended attribute. Note that this option will be ignored if kernel does not support the Smack feature by runtime checking. --- diff --git a/man/systemd.mount.xml b/man/systemd.mount.xml index ffffc56936c..d3775ff8308 100644 --- a/man/systemd.mount.xml +++ b/man/systemd.mount.xml @@ -323,6 +323,18 @@ to 0755. + + SmackFileSystemRoot= + Takes a string for the smack label. + This option specifies the label to assign the root of the + file system if it lacks the Smack extended attribute. + Note that this option will be ignored if kernel does not + support the Smack feature. + See Smack.txt + for details. + + TimeoutSec= Configures the time to wait for the mount diff --git a/src/core/dbus-mount.c b/src/core/dbus-mount.c index 24813c6d20a..dbee7fc9080 100644 --- a/src/core/dbus-mount.c +++ b/src/core/dbus-mount.c 
@@ -117,6 +117,7 @@ const sd_bus_vtable bus_mount_vtable[] = {
 SD_BUS_PROPERTY("ControlPID", "u", bus_property_get_pid, offsetof(Mount, control_pid), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
 SD_BUS_PROPERTY("DirectoryMode", "u", bus_property_get_mode, offsetof(Mount, directory_mode), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("SloppyOptions", "b", bus_property_get_bool, offsetof(Mount, sloppy_options), SD_BUS_VTABLE_PROPERTY_CONST),
+ SD_BUS_PROPERTY("SmackFileSystemRoot", "s", NULL, offsetof(Mount, smack_fs_root), SD_BUS_VTABLE_PROPERTY_CONST),
 SD_BUS_PROPERTY("Result", "s", property_get_result, offsetof(Mount, result), SD_BUS_VTABLE_PROPERTY_EMITS_CHANGE),
 BUS_EXEC_COMMAND_VTABLE("ExecMount", offsetof(Mount, exec_command[MOUNT_EXEC_MOUNT]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
 BUS_EXEC_COMMAND_VTABLE("ExecUnmount", offsetof(Mount, exec_command[MOUNT_EXEC_UNMOUNT]), SD_BUS_VTABLE_PROPERTY_EMITS_INVALIDATION),
diff --git a/src/core/load-fragment-gperf.gperf.m4 b/src/core/load-fragment-gperf.gperf.m4
index 89e624b5579..507cfdde758 100644
--- a/src/core/load-fragment-gperf.gperf.m4
+++ b/src/core/load-fragment-gperf.gperf.m4
@@ -319,6 +319,7 @@ Mount.Type, config_parse_string, 0,
 Mount.TimeoutSec, config_parse_sec, 0, offsetof(Mount, timeout_usec)
 Mount.DirectoryMode, config_parse_mode, 0, offsetof(Mount, directory_mode)
 Mount.SloppyOptions, config_parse_bool, 0, offsetof(Mount, sloppy_options)
+Mount.SmackFileSystemRoot, config_parse_string, 0, offsetof(Mount, smack_fs_root)
 EXEC_CONTEXT_CONFIG_ITEMS(Mount)m4_dnl
 CGROUP_CONTEXT_CONFIG_ITEMS(Mount)m4_dnl
 KILL_CONTEXT_CONFIG_ITEMS(Mount)m4_dnl
diff --git a/src/core/mount.c b/src/core/mount.c
index 86111294535..0d1a9b9de71 100644
--- a/src/core/mount.c
+++ b/src/core/mount.c
@@ -39,6 +39,7 @@
 #include "exit-status.h"
 #include "fstab-util.h"
 #include "formats-util.h"
+#include "smack-util.h"
 #define RETRY_UMOUNT_MAX 32
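Review bot: The added `Mount.SmackFileSystemRoot` entry in load-fragment-gperf.gperf.m4 uses plain `config_parse_string`, so the value is never checked before mount_get_opts() in src/core/mount.c splices it into the comma-separated option string with `strjoin(o, ",", "smackfsroot=", m->smack_fs_root, NULL)`. A value containing a comma would be read by mount as additional options rather than as part of the label, and a label that breaks the Smack rules described in Smack.txt is only rejected later, at mount time. Unit files are normally administrator-controlled, so this is hardening rather than a trust-boundary fix, but generated or templated units inherit it. Rejecting such values when the unit is loaded, for example `if (m->smack_fs_root && strchr(m->smack_fs_root, ',')) return -EINVAL;` together with a log message, keeps the option list limited to what the `Options=` line actually contains.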
@@ -202,6 +203,7 @@ static void mount_done(Unit *u) {
 assert(m);
 m->where = mfree(m->where);
+ m->smack_fs_root = mfree(m->smack_fs_root);
 mount_parameters_done(&m->parameters_proc_self_mountinfo);
 mount_parameters_done(&m->parameters_fragment);
@@ -666,7 +668,8 @@ static void mount_dump(Unit *u, FILE *f, const char *prefix) {
 "%sOptions: %s\n"
 "%sFrom /proc/self/mountinfo: %s\n"
 "%sFrom fragment: %s\n"
- "%sDirectoryMode: %04o\n",
+ "%sDirectoryMode: %04o\n"
+ "%sSmackFileSystemRoot: %s\n",
 prefix, mount_state_to_string(m->state),
 prefix, mount_result_to_string(m->result),
 prefix, m->where,
@@ -675,7 +678,8 @@ static void mount_dump(Unit *u, FILE *f, const char *prefix) {
 prefix, p ? strna(p->options) : "n/a",
 prefix, yes_no(m->from_proc_self_mountinfo),
 prefix, yes_no(m->from_fragment),
- prefix, m->directory_mode);
+ prefix, m->directory_mode,
+ prefix, strna(m->smack_fs_root));
 if (m->control_pid > 0)
 fprintf(f,
@@ -852,6 +856,31 @@ fail:
 mount_enter_mounted(m, MOUNT_FAILURE_RESOURCES);
 }
+static int mount_get_opts(Mount *m, char **_opts) {
+ int r;
+ char *o = NULL, *opts = NULL;
+
+ r = fstab_filter_options(m->parameters_fragment.options,
+ "nofail\0" "noauto\0" "auto\0", NULL, NULL, &o);
+ if (r < 0)
+ return r;
+
+ if (mac_smack_use() && m->smack_fs_root) {
+ if (!isempty(o)) {
+ opts = strjoin(o, ",", "smackfsroot=", m->smack_fs_root, NULL);
+ free(o);
+ } else
+ opts = strjoin("smackfsroot=", m->smack_fs_root, NULL);
+
+ if (!opts)
+ return -ENOMEM;
+ } else
+ opts = o;
+
+ *_opts = opts;
+ return 0;
+}
+
 static void mount_enter_mounting(Mount *m) {
 int r;
 MountParameters *p;
@@ -877,8 +906,7 @@ static void mount_enter_mounting(Mount *m) {
 if (m->from_fragment) {
 _cleanup_free_ char *opts = NULL;
- r = fstab_filter_options(m->parameters_fragment.options,
- "nofail\0" "noauto\0" "auto\0", NULL, NULL, &opts);
+ r = mount_get_opts(m, &opts);
 if (r < 0)
 goto fail;
diff --git a/src/core/mount.h b/src/core/mount.h
index 83d14ae7138..4e28810f6cc 100644
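Review bot: In the new mount_get_opts() (hunk `@@ -852,6 +856,31 @@`), the filtered string `o` is freed only in the branch that joins it with the label; when Smack is in use, a label is set and `o` is empty, the inner `else` builds `opts` from the label alone and `o` is never released. Whether that actually leaks depends on fstab_filter_options() returning an allocated empty string rather than NULL once every option has been filtered out, which this hunk does not show, so it should be confirmed. Declaring `_cleanup_free_ char *o = NULL;` (the macro is already used in mount_enter_mounting() below), dropping the explicit `free(o);`, and ending the non-Smack arm with `opts = o; o = NULL;` makes every path release the buffer exactly once.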
--- a/src/core/mount.h
+++ b/src/core/mount.h
@@ -71,6 +71,7 @@ struct Mount {
 bool reset_cpu_usage:1;
 bool sloppy_options;
+ char *smack_fs_root;
 MountResult result;
 MountResult reload_result;