Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

mount: add new SmackFileSystemRoot= setting for mount unit (v4) #1664

Merged
merged 2 commits into from
Oct 24, 2015
Merged

mount: add new SmackFileSystemRoot= setting for mount unit (v4) #1664

merged 2 commits into from
Oct 24, 2015

Conversation

again4you
Copy link
Contributor

This PR fixes #1571 issue by newly adding 'SmackFileSystemRoot=' option for mount unit.
Those patches are tested in both Arch & Tizen 3.0.

Changes since v3

  • Add OOM checks for strjoin()
  • Use if statement instead of two invocations of strjoin()

@again4you
mount: add new SmackFileSystemRoot= setting for mount unit
46a01ab 
This option specifies the label to assign the root of the file system if
it lacks the Smack extended attribute. Note that this option will be
ignored if kernel does not support the Smack feature by runtime
checking.
@again4you
units: add 'SmackFileSystemRoot=*' option into tmp.mount
5dfcb8d 
If SMACK is enabled, 'smackfsroot=*' option should be specified when
/tmp is mounted since many non-root processes use /tmp for temporary
usage. If not, /tmp is labeled as '_' and smack denial occurs when
writing.

In order to do that, 'SmackFileSystemRoot=*' is newly added into
tmp.mount.
poettering added a commit that referenced this pull request Oct 24, 2015
@poettering
Merge pull request #1664 from again4you/devel/tmp-smack_#5
7f66eb9 
mount: add new SmackFileSystemRoot= setting for mount unit (v4)
@poettering poettering merged commit 7f66eb9 into systemd:master Oct 24, 2015
@keszybz
Copy link
Member

keszybz commented Oct 25, 2015

Hm, I know that the name of this option mirrors the kernel parameter to some extent (SmackFileSystemRoot= vs. smackfsroot=), but the name seems misleading. Why not call this SmackFileSystemRootLabel= ? We already have SmackProcessLabel, SmackLabel, ...

@poettering
Copy link
Member

True, I think we should rename that. We should stick to the SmackFooLabel= scheme I guess.

@poettering poettering mentioned this pull request Oct 25, 2015
Closed
poettering added a commit to poettering/systemd that referenced this pull request Oct 26, 2015
@poettering
core: rename SmackFileSystemRoot= to SmackFileSystemRootLabel=
7cb4892 
That way it's in sync with the other SMACK label settings.

systemd#1664 (comment)
@poettering
Copy link
Member

OK, I renamed the field now as part of PR #1676.

@poettering
Copy link
Member

@again4you hmm, so @karelzak suggested on the mailing list, that this patch is actually not necessary at all, since /bin/mount strips the option away anyway!

Any idea what's going on? I'd rather not keep this option in place if we don't need it?

@again4you are you using busybox or regular util-linux?

@poettering poettering mentioned this pull request Oct 27, 2015
Closed
@poettering
Copy link
Member

I opened a new issue about this in #1696 now, so that we remove it before the next release again if we don't actually need it, @karelzak and @again4you please comment there.

@karelzak
Copy link
Contributor

@poettering btw, this is pretty old story, see:
http://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg13740.html

ssahani pushed a commit to ssahani/systemd that referenced this pull request Nov 3, 2015
@poettering @ssahani
core: rename SmackFileSystemRoot= to SmackFileSystemRootLabel=
aa51ace 
That way it's in sync with the other SMACK label settings.

systemd#1664 (comment)
ssahani pushed a commit to ssahani/systemd that referenced this pull request Nov 3, 2015
@poettering @ssahani
core: rename SmackFileSystemRoot= to SmackFileSystemRootLabel=
327d9dd 
That way it's in sync with the other SMACK label settings.

systemd#1664 (comment)
ssahani pushed a commit to ssahani/systemd that referenced this pull request Nov 3, 2015
@poettering @ssahani
core: rename SmackFileSystemRoot= to SmackFileSystemRootLabel=
31bd1d6 
That way it's in sync with the other SMACK label settings.

systemd#1664 (comment)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
pid1 smack
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Denial of write access to /tmp when SMACK is enabled
4 participants
@again4you @keszybz @poettering @karelzak