units: add 'SmackFileSystemRoot=*' option into tmp.mount

If SMACK is enabled, 'smackfsroot=*' option should be specified when /tmp is mounted since many non-root processes use /tmp for temporary usage. If not, /tmp is labeled as '_' and smack denial occurs when writing. In order to do that, 'SmackFileSystemRoot=*' is newly added into tmp.mount.
2015-10-21 21:48:13 +09:00 · 2015-10-21 21:48:13 +09:00 · 5dfcb8d200
parent 46a01abae9
commit 5dfcb8d200
2 changed files with 5 additions and 1 deletions
--- a/Makefile.am
+++ b/Makefile.am
@ -616,7 +616,8 @@ EXTRA_DIST += \
 	units/initrd-udevadm-cleanup-db.service.in \
 	units/initrd-switch-root.service.in \
 	units/systemd-nspawn@.service.in \
-	units/systemd-update-done.service.in
+	units/systemd-update-done.service.in \
+    units/tmp.mount.m4

 if HAVE_SYSV_COMPAT
 nodist_systemunit_DATA += \
--- a/units/tmp.mount.m4
+++ b/units/tmp.mount.m4
@ -19,3 +19,6 @@ What=tmpfs
 Where=/tmp
 Type=tmpfs
 Options=mode=1777,strictatime
+m4_ifdef(`HAVE_SMACK',
+SmackFileSystemRoot=*
+)m4_dnl