units: add 'SmackFileSystemRoot=*' option into tmp.mount
If SMACK is enabled, 'smackfsroot=*' option should be specified when /tmp is mounted since many non-root processes use /tmp for temporary usage. If not, /tmp is labeled as '_' and smack denial occurs when writing. In order to do that, 'SmackFileSystemRoot=*' is newly added into tmp.mount.
This commit is contained in:
parent
46a01abae9
commit
5dfcb8d200
|
@ -616,7 +616,8 @@ EXTRA_DIST += \
|
||||||
units/initrd-udevadm-cleanup-db.service.in \
|
units/initrd-udevadm-cleanup-db.service.in \
|
||||||
units/initrd-switch-root.service.in \
|
units/initrd-switch-root.service.in \
|
||||||
units/systemd-nspawn@.service.in \
|
units/systemd-nspawn@.service.in \
|
||||||
units/systemd-update-done.service.in
|
units/systemd-update-done.service.in \
|
||||||
|
units/tmp.mount.m4
|
||||||
|
|
||||||
if HAVE_SYSV_COMPAT
|
if HAVE_SYSV_COMPAT
|
||||||
nodist_systemunit_DATA += \
|
nodist_systemunit_DATA += \
|
||||||
|
|
|
@ -19,3 +19,6 @@ What=tmpfs
|
||||||
Where=/tmp
|
Where=/tmp
|
||||||
Type=tmpfs
|
Type=tmpfs
|
||||||
Options=mode=1777,strictatime
|
Options=mode=1777,strictatime
|
||||||
|
m4_ifdef(`HAVE_SMACK',
|
||||||
|
SmackFileSystemRoot=*
|
||||||
|
)m4_dnl
|
Loading…
Reference in a new issue