smack: bugfix the smack label of symlink when '--with-smack-run-label' is set
Even when systemd has its own smack label because the '--with-smack-run-label' configuration is set, the smack label of each CGROUP root directory should be the star (i.e. *) label. This is mainly because the current Linux kernel sets the label in this way (refer to smack_d_instantiate() in security/smack/smack_lsm.c). However, if systemd has its own smack label and arg_join_controllers is explicitly set or initialized by the initialize_join_controllers() function, current systemd creates the symlinks in the CGROUP root directory with its own smack label, as below:
lrwxrwxrwx. 1 root root System 11 Dec 31 16:00 cpu -> cpu,cpuacct
dr-xr-xr-x. 4 root root * 0 Dec 31 16:01 cpu,cpuacct
lrwxrwxrwx. 1 root root System 11 Dec 31 16:00 cpuacct -> cpu,cpuacct
This patch fixes that bug by copying the smack label from the origin.
parent
ba056b738d
commit
f8c1a81c51
|
@ -303,6 +303,11 @@ int mount_cgroup_controllers(char ***join_controllers) {
|
|||
r = symlink(options, t);
|
||||
if (r < 0 && errno != EEXIST)
|
||||
return log_error_errno(errno, "Failed to create symlink %s: %m", t);
|
||||
#ifdef SMACK_RUN_LABEL
|
||||
r = mac_smack_copy(t, options);
|
||||
if (r < 0 && r != -EOPNOTSUPP)
|
||||
return log_error_errno(r, "Failed to copy smack label from %s to %s: %m", options, t);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
}
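Review bot: `mac_smack_copy(t, options)` uses `options` as the label source, but `options` is also the symlink target, and the listing in the commit message shows that target is the relative name `cpu,cpuacct`. If mac_smack_copy() looks the source up by path (its body is not part of this hunk), the lookup is resolved against the process working directory rather than the cgroup root, so the copy can fail with an error other than -EOPNOTSUPP and make mount_cgroup_controllers() return failure, or pick up the label of an unrelated object of the same name. Passing an absolute source path built the same way as `t` would remove that dependency on the working directory. A short comment above the `#ifdef` would also help, e.g. `/* The symlink must carry the label of the controller directory it points to, not the run label of PID 1 */`. The enclosing loop and function begin outside this hunk, so how `t` and `options` are built is not visible here.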
|
||||