With loaded_policy set to true mount_setup() relabels /dev properly.
Signed-off-by: Łukasz Stelmach <l.stelm...@samsung.com>
---
src/core/main.c | 2 +-
src/core/smack-setup.c | 6 +++++-
src/core/smack-setup.h | 2 +-
3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/src/core/main.c b/src/core/main.c
index 7566b0a..9c88845 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1309,7 +1309,7 @@ int main(int argc, char *argv[]) {
goto finish;
if (ima_setup() < 0)
goto finish;
- if (smack_setup() < 0)
+ if (smack_setup(&loaded_policy) < 0)
goto finish;
dual_timestamp_get(&security_finish_timestamp);
}
diff --git a/src/core/smack-setup.c b/src/core/smack-setup.c
index 611bfdb..a68605c 100644
--- a/src/core/smack-setup.c
+++ b/src/core/smack-setup.c
@@ -116,12 +116,14 @@ static int write_rules(const char* dstpath, const char*
srcdir) {
#endif
-int smack_setup(void) {
+int smack_setup(bool *loaded_policy) {
#ifdef HAVE_SMACK
int r;
+ assert(loaded_policy);
+
r = write_rules("/sys/fs/smackfs/load2", SMACK_CONFIG);
switch(r) {
case -ENOENT:
@@ -163,6 +165,8 @@ int smack_setup(void) {
return 0;
}
+ *loaded_policy = true;
+
#endif
return 0;
diff --git a/src/core/smack-setup.h b/src/core/smack-setup.h
index ffe9184..8927096 100644
--- a/src/core/smack-setup.h
+++ b/src/core/smack-setup.h
@@ -23,4 +23,4 @@
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
-int smack_setup(void);
+int smack_setup(bool *loaded_policy);
--
1.7.9.5
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
