From: Sangjung Woo <sangjung.woo@samsung.com>
Date: Wed, 21 Oct 2015 12:48:13 +0000 (+0900)
Subject: units: add 'SmackFileSystemRoot=*' option into tmp.mount
X-Git-Tag: v228~157^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=5dfcb8d20021c8fc555a86c4fbbc72d5c9837150;p=thirdparty%2Fsystemd.git

units: add 'SmackFileSystemRoot=*' option into tmp.mount

If SMACK is enabled, 'smackfsroot=*' option should be specified when
/tmp is mounted since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.

In order to do that, 'SmackFileSystemRoot=*' is newly added into
tmp.mount.
---

diff --git a/Makefile.am b/Makefile.am
index fa25485b736..89eaf805753 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -616,7 +616,8 @@ EXTRA_DIST += \
 	units/initrd-udevadm-cleanup-db.service.in \
 	units/initrd-switch-root.service.in \
 	units/systemd-nspawn@.service.in \
-	units/systemd-update-done.service.in
+	units/systemd-update-done.service.in \
+    units/tmp.mount.m4
 
 if HAVE_SYSV_COMPAT
 nodist_systemunit_DATA += \
diff --git a/units/tmp.mount b/units/tmp.mount.m4
similarity index 92%
rename from units/tmp.mount
rename to units/tmp.mount.m4
index 00a0d287224..e1e26bdfc0d 100644
--- a/units/tmp.mount
+++ b/units/tmp.mount.m4
@@ -19,3 +19,6 @@ What=tmpfs
 Where=/tmp
 Type=tmpfs
 Options=mode=1777,strictatime
+m4_ifdef(`HAVE_SMACK',
+SmackFileSystemRoot=*
+)m4_dnl