On Mon, Oct 28, 2013 at 8:58 AM, Lennart Poettering
<lenn...@poettering.net> wrote:
> On Mon, 28.10.13 19:44, WaLyong Cho (walyong....@samsung.com) wrote:
>
>> For the same reason as /run and /dev/shm, when systemd is running with
>> SMACK, countless tasks fail due to missing privileges.
>> To avoid this, /tmp is assigned the '*' label.
>
> Won't this break if people compile systemd with SMACK enabled but
> run a kernel that has it disabled?
>
> We had a similar problem for the other mounts like /run, where we found
> a somewhat nice solution, but I am not sure how we can make the same
> work here...

Our posts intersected, badly. Yes, as I said in my mail, this sadly
does a bad job for those folks running with smack enabled in systemd
but with it disabled in the kernel.

For Tizen, we're thinking of just keeping this patch out of tree (and
it will just be a one-liner).

We could do a ConditionSecurity=Smack, or something like that (ottomh)
but we'd get duplicate tmp mounts, which is bad due to the way we name
mount units. ick.

Auke
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
