units: add 'smackfsroot=*' option into tmp.mount when SMACK is enabled

If SMACK is enabled, 'smackfsroot=*' option should be specified in tmp.mount file since many non-root processes use /tmp for temporary usage. If not, /tmp is labeled as '_' and smack denial occurs when writing.
author: Sangjung Woo <sangjung.woo@samsung.com> 2015-10-14 15:57:47 +0900
committer: Sangjung Woo <sangjung.woo@samsung.com> 2015-10-15 14:02:44 +0900
commit: 409c2a13fd65692c611b7bcaba12e908ef7cf1e5 (patch)
tree: c45178713d782f8400b8ce279faf83485194b3d5
parent: e296313f7b397a45b144313056b50374c3bf4016 (diff)
download: systemd-409c2a13fd65692c611b7bcaba12e908ef7cf1e5.tar.gz
2 files changed, 5 insertions, 2 deletions
diff --git a/Makefile.am b/Makefile.am
index 8646e55450..889c03955a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -616,7 +616,8 @@ EXTRA_DIST += \
 	units/initrd-udevadm-cleanup-db.service.in \
 	units/initrd-switch-root.service.in \
 	units/systemd-nspawn@.service.in \
-	units/systemd-update-done.service.in
+	units/systemd-update-done.service.in \
+	units/tmp.mount.m4
 
 if HAVE_SYSV_COMPAT
 nodist_systemunit_DATA += \
diff --git a/units/tmp.mount b/units/tmp.mount.m4
index 00a0d28722..d537746dbf 100644
--- a/units/tmp.mount
+++ b/units/tmp.mount.m4
@@ -18,4 +18,6 @@ Before=local-fs.target umount.target
 What=tmpfs
 Where=/tmp
 Type=tmpfs
-Options=mode=1777,strictatime
+m4_ifdef(`HAVE_SMACK',
+`Options=mode=1777,strictatime,smackfsroot=*',
+`Options=mode=1777,strictatime')
author	Sangjung Woo <sangjung.woo@samsung.com>	2015-10-14 15:57:47 +0900
committer	Sangjung Woo <sangjung.woo@samsung.com>	2015-10-15 14:02:44 +0900
commit	409c2a13fd65692c611b7bcaba12e908ef7cf1e5 (patch)
tree	c45178713d782f8400b8ce279faf83485194b3d5
parent	e296313f7b397a45b144313056b50374c3bf4016 (diff)
download	systemd-409c2a13fd65692c611b7bcaba12e908ef7cf1e5.tar.gz