On Mon, Nov 24, 2014 at 08:46:20PM +0900, WaLyong Cho wrote: > In service file, if the file has some of special SMACK label in > ExecStart= and systemd has no permission for the special SMACK label > then permission error will occurred. To resolve this, systemd should > be able to set its SMACK label to something accessible of ExecStart=. > So introduce new SmackProcessLabel. If label is specified with > SmackProcessLabel= then the child systemd will set its label to > that. To successfully execute the ExecStart=, accessible label should > be specified with SmackProcessLabel=. > Additionally, by SMACK policy, if the file in ExecStart= has no > SMACK64EXEC then the executed process will have given label by > SmackProcessLabel=. But if the file has SMACK64EXEC then the > SMACK64EXEC label will be overridden. Applied!
Zbyszek _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
