On Mon, Oct 28, 2013 at 3:44 AM, WaLyong Cho <walyong....@samsung.com> wrote:
> At the same reason of /run and /dev/shm, when systemd is running with
> SMACK, countless tasks are failed by missed privilege.
> To avoid, /tmp is assigned '*' label.

We discussed this problem earlier in our office last week as we're looking into the same issues here, but the solution in this patch is very problematic:

> +m4_ifdef(`HAVE_SMACK',
> +`Options=mode=1777,strictatime,smackfsroot=*',
> +`Options=mode=1777,strictatime')

The issue is here - the way you pass these options into tmp.mount makes it so that everyone who has compiled systemd with Smack enabled will attempt to mount tmpfs with these Smack options. This is a problem since:

1) mount fails if the option smackfsroot=* is "not known", and because
2) if the kernel was not booted with Smack, the option is not known/invalid, and most importantly:
3) everyone who compiles systemd with xattr support will have Smack enabled too, even if they did not pass --enable-smack to configure.

In short, you'd break everyone's tmp.mount with this patch.

Patches like this need to stay out of the upstream tree until we figure out how to automatically retry without these Smack-specific options, or some other more elegant solution that doesn't break everyone else.

Cheers,

Auke
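
Review bot: The `HAVE_SMACK` branch of the `m4_ifdef` writes `smackfsroot=*` into `Options=` when the unit file is generated, so the choice is fixed at build time even though the option only has meaning to the kernel at mount time. Nothing in the hunk gates the option on the running system; consider keeping `Options=mode=1777,strictatime` as the unconditional value and applying the Smack label through something that is evaluated at boot. The hunk also has no comment explaining why the `*` label is chosen for /tmp; a one-line note in the unit would help later readers.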