On Tue, 27.10.15 10:35, Karel Zak ([email protected]) wrote:

> On Sun, Oct 18, 2015 at 12:22:15PM +0200, Kay Sievers wrote:
> > On Sun, Oct 18, 2015 at 6:01 AM, Mantas Mikulėnas <[email protected]> wrote:
> > > So far all existing SELinux and SMACK options had runtime checks – if
> > > systemd was built with +SMACK but the kernel wasn't, it still worked fine.
> > > (Arch uses such a configuration.)
> > >
> > > But then https://github.com/systemd/systemd/issues/1571 added an option to
> > > tmp.mount which only depends on the build-time option, which creates
> > > problems when booting a non-SMACK kernel...
> > >
> > > Any ideas on how to fix it? All previous such fixes were for API
> > > filesystems
> > > in mount-setup.c and could do flexible checks, but that clearly won't work
> > > for mount units.
> >
> > I have reverted it. It needs a different solution.
>
> I'm not sure how systemd mounts /tmp, but if you have mount(8) with
> smack (util-linux --with-smack) and you have kernel with disabled
> smack then mount(8) removes smack mount options before it calls
> mount(2) syscall.
>
> It means that your fstab is always valid independently of your kernel.
> The same we use for SELinux.

Yes, we do use /bin/mount for mounting /tmp, so the whole patch appears
unnecessary. I have thus filed an issue about this, so that we remove
the whole feature again if we don't actually need it:

https://github.com/systemd/systemd/issues/1696

Let's continue discussion there.

Lennart

-- 
Lennart Poettering, Red Hat
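
The runtime behaviour discussed in this thread (drop SMACK mount options when the running kernel has no SMACK support), as an added example that is not part of the original messages and is not util-linux or systemd code. The function names are hypothetical, and detecting SMACK by looking for `smackfs` in `/proc/filesystems` is an assumption of this sketch; mount(8) may detect it differently.

```shell
#!/bin/sh
# Added illustration only: strip smackfs* mount options at runtime when
# the running kernel does not provide SMACK.

# Return 0 if smackfs is a registered filesystem.
# $1: /proc/filesystems-style file (overridable so constructed input can be used).
kernel_has_smack() {
    fs_list=${1:-/proc/filesystems}
    [ -r "$fs_list" ] || return 1
    # Entries look like "nodev<TAB>smackfs"; the name is the last field.
    awk '$NF == "smackfs" { found = 1 } END { exit !found }' "$fs_list"
}

# Print the option string that is safe to pass on to mount(2).
# $1: comma-separated mount options, $2: optional filesystems list.
# The body runs in a subshell so the IFS and noglob changes stay local.
filter_mount_opts() (
    opts=$1
    fs_list=${2:-/proc/filesystems}
    if kernel_has_smack "$fs_list"; then
        printf '%s\n' "$opts"      # SMACK kernel: pass options unchanged
        exit 0
    fi
    set -f                         # values such as "smackfsroot=*" must not glob
    IFS=,
    out=
    for o in $opts; do
        case $o in
            '') continue ;;
            smackfsdef=*|smackfsroot=*|smackfshat=*|smackfsfloor=*|smackfstransmute=*)
                continue ;;        # option a non-SMACK kernel does not support
        esac
        out=${out:+$out,}$o
    done
    # Nothing left after filtering: fall back to "defaults".
    printf '%s\n' "${out:-defaults}"
)

# Constructed sample option string, checked against the running kernel.
filter_mount_opts 'mode=1777,strictatime,smackfsroot=*'
```

Because the decision is made when the mount is performed, the same option string works on both kinds of kernel, which is the property a build-time-only check lacks.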
