On Mon, Oct 28, 2013 at 1:09 PM, Lennart Poettering <[email protected]> wrote:
> On Mon, 28.10.13 12:59, Kok, Auke-jan H ([email protected]) wrote:
>
>> On Mon, Oct 28, 2013 at 8:58 AM, Lennart Poettering
>> <[email protected]> wrote:
>> > On Mon, 28.10.13 19:44, WaLyong Cho ([email protected]) wrote:
>> >
>> >> For the same reason as /run and /dev/shm, when systemd is running with
>> >> SMACK, countless tasks fail because of missing privileges.
>> >> To avoid this, /tmp is assigned the '*' label.
>> >
>> > Won't this break if people compile systemd with SMACK enabled but
>> > run a kernel that has it disabled?
>> >
>> > We had a similar problem for the other mounts like /run, where we found
>> > a somewhat nice solution, but I am not sure how we can make the same
>> > work here...
>>
>> Our posts intersected, badly. Yes, as I said in my mail, this sadly
>> does a bad job for those folks running with SMACK enabled in systemd
>> but with it disabled in the kernel.
>>
>> For Tizen, we're thinking of just keeping this patch out of tree (and
>> it will just be a one-liner).
>>
>> We could do a ConditionSecurity=Smack, or something like that (ottomh),
>> but we'd get duplicate tmp mounts, which is bad due to the way we name
>> mount units. ick.
>
> Hmm, here's an idea: there has been a long-standing feature request to
> add a configurable boolean to mount unit files that controls
> /bin/mount's "-s" switch. Let's say we call it
> "SloppyOptions=yes/no", or so. Then, we could set this for this unit
> file and apply the rest of the patch and things should work, and where
> they don't we can easily reassign to the kernel to respect the "-s" flag
> properly.
>
> Doing a patch that allows "-s" to be controlled should be fairly easy,
> would be happy to merge a patch for that!
Ahhh, I hadn't even seen -s in /bin/mount yet, so I can see this helping out a lot. I'd be okay with a solution like that; it would certainly simplify things a lot, but we need to be careful not to overload mount options with all sorts of nonstandard options - it will make problems harder to debug, and for some of these security-enabled systems we will most likely want to actually _not_ use -s. After all, we want to make sure we're actually booting with properly set up Smack options, e.g. a typo in 'nodev,nosuid,nexec' could be disastrous. (typo deliberate).

Auke

_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
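As an added example, not code from the thread or from systemd, here is a small audit that reads a tmp.mount-style unit and reports which Options= entries plain tmpfs would not understand or which depend on SMACK, and whether a `SloppyOptions=yes` setting (the name proposed above) would hide the problem rather than fail the mount. The `smackfsroot` option name and the option whitelist are assumptions; the unit text is constructed and carries Auke's deliberate 'nexec' typo.

```python
import configparser

# Reviewer's whitelist for a tmpfs mount (assumption, not systemd's own list).
KNOWN_FLAGS = {"ro", "rw", "dev", "nodev", "suid", "nosuid", "exec", "noexec",
               "strictatime", "relatime", "noatime", "nodiratime", "sync", "async"}
KNOWN_KEYS = {"mode", "uid", "gid", "size", "nr_inodes", "nr_blocks"}
# SMACK mount options (assumed names); only honoured by a kernel built with SMACK.
SMACK_KEYS = {"smackfsdef", "smackfsroot", "smackfshat", "smackfsfloor",
              "smackfstransmute"}

# Constructed unit text with the deliberate 'nexec' typo from the thread.
SAMPLE_UNIT = """\
[Unit]
Description=Temporary Directory

[Mount]
What=tmpfs
Where=/tmp
Type=tmpfs
Options=mode=1777,strictatime,nodev,nosuid,nexec,smackfsroot=*
SloppyOptions=yes
"""

def parse_options(options):
    """Split an Options= string into (name, value-or-None) pairs."""
    pairs = []
    for item in options.split(","):
        name, sep, value = item.strip().partition("=")
        if name:
            pairs.append((name, value if sep else None))
    return pairs

def audit_mount_unit(unit_text):
    """Return findings for Options= entries plain tmpfs would reject or that
    depend on SMACK, noting when SloppyOptions=yes would mask the failure."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(unit_text)
    mount = cp["Mount"]
    sloppy = mount.get("SloppyOptions", "no").lower() in ("yes", "true", "on", "1")
    findings = []
    for name, _value in parse_options(mount.get("Options", "")):
        if name in KNOWN_FLAGS or name in KNOWN_KEYS:
            continue
        if name in SMACK_KEYS:
            tail = ("SloppyOptions=yes would hide a kernel without SMACK" if sloppy
                    else "mount fails on a kernel without SMACK")
            findings.append(f"{name}: needs SMACK in the running kernel ({tail})")
        else:
            tail = ("SloppyOptions=yes would hide this typo" if sloppy
                    else "mount(8) will reject it")
            findings.append(f"{name}: unknown option ({tail})")
    return findings
```

Run against the constructed unit it flags `nexec` as a typo that the sloppy setting would swallow and `smackfsroot` as dependent on the running kernel, which is exactly the debugging trap Auke points at.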
