Hello,

Lately I've been working on updating systemd (currently 208) in Tizen. One of the problems we've stumbled upon was [email protected] failing. The problem occurred on a SMACK-enabled system and was caused by 1c231f5 (logind: make $XDG_RUNTIME_DIR a per-user tmpfs).

When $XDG_RUNTIME_DIR is mounted it inherits the logind label, which in turn forbids users from accessing their directories. One solution would be to add "if (use_smack()) mount(..."smackfsroot=*"...)" in logind-user.c, but it would also require adding CAP_MAC_ADMIN to systemd-logind.service.

Another solution would be to remove the mounting logic from logind-user.c completely and add [email protected]. [email protected] would gain the following lines:

Requires=run-user@%I.mount
After=run-user@%I.mount

Unfortunately, currently it's not possible. The first problem is that the unit isn't named after the path, so that requirement needs to be removed first. Second, we don't have the gid, but it doesn't seem to be an issue, as the mode is set to 0700. Then, in Tizen we could just add "smackfsroot" to the options. Alternatively, a SmackLabel= option could be added for mount units, which would automatically append "smackfsroot" to the options when SMACK is enabled.

How should we solve this issue?

regards,
--
Maciej Wereski
Samsung R&D Institute Poland
Samsung Electronics
[email protected]

_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
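The first option in the message above, sketched as an added example (not systemd's code and not part of the original mail): a per-user tmpfs mount whose options gain "smackfsroot=*" only when SMACK is present. The helper names, the /sys/fs/smackfs presence check, and the uid, gid and size values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: SMACK counts as enabled when smackfs is present. */
static bool smack_enabled(void) {
    return access("/sys/fs/smackfs", F_OK) == 0;
}

/* Build the tmpfs option string for one user's runtime directory.
 * DAC (mode=0700 plus uid) still limits access to the owner; with SMACK,
 * "smackfsroot=*" labels the filesystem root so the mount does not
 * inherit the mounting daemon's label.
 * Returns 0 on success, -ENAMETOOLONG if buf is too small. */
int runtime_dir_options(char *buf, size_t len, uid_t uid, gid_t gid,
                        size_t size_bytes, bool smack) {
    int n = snprintf(buf, len, "mode=0700,uid=%lu,gid=%lu,size=%zu%s",
                     (unsigned long) uid, (unsigned long) gid, size_bytes,
                     smack ? ",smackfsroot=*" : "");
    return (n < 0 || (size_t) n >= len) ? -ENAMETOOLONG : 0;
}

/* Mount the tmpfs. Per the message, passing the SMACK option means the
 * caller needs CAP_MAC_ADMIN in addition to the right to mount. */
int mount_runtime_dir(const char *path, uid_t uid, gid_t gid, size_t size_bytes) {
    char opts[128];
    int r = runtime_dir_options(opts, sizeof opts, uid, gid, size_bytes,
                                smack_enabled());
    if (r < 0)
        return r;
    if (mount("tmpfs", path, "tmpfs", MS_NODEV | MS_NOSUID, opts) < 0)
        return -errno;
    return 0;
}

int main(int argc, char **argv) {
    char opts[128];
    /* Constructed sample values: uid/gid 5000, 64 MiB. */
    if (runtime_dir_options(opts, sizeof opts, 5000, 5000, 64u << 20,
                            smack_enabled()) < 0)
        return 1;
    printf("tmpfs options: %s\n", opts);
    if (argc > 1) { /* attempt the real mount only when given a target path */
        int r = mount_runtime_dir(argv[1], 5000, 5000, 64u << 20);
        if (r < 0) { fprintf(stderr, "mount: %s\n", strerror(-r)); return 1; }
    }
    return 0;
}
```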
