author | Łukasz Stelmach <l.stelmach@samsung.com> | 2022-07-06 13:09:51 +0200 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-07-12 22:47:32 +0100 |
commit | aa5ae9711ef3cd0c69b7fcfbd65bca05fb704a8a (patch) | |
tree | 093829ff70722785faef8422c0b1b88490d37875 /man/systemd-system.conf.xml | |
parent | 8880c3be82cbf303b961bfdccf46b84f3fd3d37b (diff) | |
download | systemd-aa5ae9711ef3cd0c69b7fcfbd65bca05fb704a8a.tar.gz |

smack: Add DefaultSmackProcessLabel to user.conf and system.conf

DefaultSmackProcessLabel tells systemd what label to assign to its child
process in case SmackProcessLabel is not set in the service file. By
default, when DefaultSmackProcessLabel is not set child processes inherit
the label from systemd.

If DefaultSmackProcessLabel is set to "/" (which is an invalid character
for a SMACK label) the DEFAULT_SMACK_PROCESS_LABEL set during compilation
is ignored and systemd acts as if the option was unset.

Diffstat (limited to 'man/systemd-system.conf.xml')
-rw-r--r-- | man/systemd-system.conf.xml | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/man/systemd-system.conf.xml b/man/systemd-system.conf.xml index 3fe2cbfdea..ef311f1971 100644 --- a/man/systemd-system.conf.xml +++ b/man/systemd-system.conf.xml @@ -525,6 +525,18 @@ details. Note that this setting has no effect on the OOM score adjustment value of the service manager process itself, it retains the original value set during its invocation.</para></listitem> </varlistentry> + + <varlistentry> + <term><varname>DefaultSmackProcessLabel=</varname></term> + + <listitem><para>Takes a <option>SMACK64</option> security label as the argument. The process executed + by a unit will be started under this label if <varname>SmackProcessLabel=</varname> is not set in the + unit. See <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> + for the details.</para> + + <para>If the value is <literal>/</literal>, only labels specified with <varname>SmackProcessLabel=</varname> + are assigned and the compile-time default is ignored.</para></listitem> + </varlistentry> </variablelist> </refsect1> |
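
Review bot: the second <para> of the new DefaultSmackProcessLabel= entry refers to "the compile-time default" without the entry ever introducing it, and nothing here says which label a process gets when the option is left unset. The commit message covers both points (a DEFAULT_SMACK_PROCESS_LABEL can be set during compilation, and without a default label child processes inherit the label from systemd), so please carry that into the man page: one sentence in the first <para> stating that a default label may be set at build time and that, when no default applies, processes inherit the service manager's label. An administrator deciding whether to set this option needs to see the resulting label for units without SmackProcessLabel= from the documentation alone. A smaller style point on the same paragraph: SMACK64 is marked up as <option>, but it is not an option of this file, so <literal> would be the more fitting element.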