On Tue, Oct 29, 2013 at 12:02 AM, WaLyong Cho <walyong....@samsung.com> wrote: > How about add specific options for smack? According to > http://schaufler-ca.com/description_from_the_linux_source_tree > > Smack supports some mount options: > > smackfsdef=label: specifies the label to give files that lack > the Smack label extended attribute. > > smackfsroot=label: specifies the label to assign the root of the > file system if it lacks the Smack extended attribute. > > smackfshat=label: specifies a label that must have read access to > all labels set on the filesystem. Not yet enforced. > > smackfsfloor=label: specifies a label to which all labels set on the > filesystem must have read access. Not yet enforced. > > If we support 'SmackFsRoot=label' option and append the 'smackfsroot' option > after checking the smack by test_security("smack"), then I think we can > solve most problems.(with Auke's worry)
Adding config options for optional mount options that aren't even standard.... sorry, that just sounds like a terrible idea. Let's see why the -s option in mount isn't working. For Tizen, I'd rather see a ConditionSecurity=!smack / ConditionSecurity=smack pair of complementary unit files since that is a method that should aready work and even cover the case where you boot with security=none or even a kernel with smack disabled. Again a solution I would not recommend carrying upstream but it solves the problem for Tizen well and would be a 20-line patch or so. Cheers, Auke _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel