smack: Add DefaultSmackProcessLabel to user.conf and system.conf

DefaultSmackProcessLabel tells systemd what label to assign to its child process in case SmackProcessLabel is not set in the service file. By default, when DefaultSmackProcessLabel is not set child processes inherit label from systemd. If DefaultSmackProcessLabel is set to "/" (which is an invalid character for a SMACK label) the DEFAULT_SMACK_PROCESS_LABEL set during compilation is ignored and systemd act as if the option was unset.
author: Łukasz Stelmach <l.stelmach@samsung.com> 2022-07-06 13:09:51 +0200
committer: Luca Boccassi <luca.boccassi@gmail.com> 2022-07-12 22:47:32 +0100
commit: aa5ae9711ef3cd0c69b7fcfbd65bca05fb704a8a (patch)
tree: 093829ff70722785faef8422c0b1b88490d37875 /meson_options.txt
parent: 8880c3be82cbf303b961bfdccf46b84f3fd3d37b (diff)
download: systemd-aa5ae9711ef3cd0c69b7fcfbd65bca05fb704a8a.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meson_options.txt b/meson_options.txt
index adaedf3ce8..628ca1d797 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -352,6 +352,8 @@ option('smack', type : 'boolean',
        description : 'SMACK support')
 option('smack-run-label', type : 'string',
        description : 'run systemd --system itself with a specific SMACK label')
+option('smack-default-process-label', type : 'string',
+       description : 'default SMACK label for executed processes')
 option('polkit', type : 'combo', choices : ['auto', 'true', 'false'],
        description : 'polkit support')
 option('ima', type : 'boolean',
author	Łukasz Stelmach <l.stelmach@samsung.com>	2022-07-06 13:09:51 +0200
committer	Luca Boccassi <luca.boccassi@gmail.com>	2022-07-12 22:47:32 +0100
commit	aa5ae9711ef3cd0c69b7fcfbd65bca05fb704a8a (patch)
tree	093829ff70722785faef8422c0b1b88490d37875 /meson_options.txt
parent	8880c3be82cbf303b961bfdccf46b84f3fd3d37b (diff)
download	systemd-aa5ae9711ef3cd0c69b7fcfbd65bca05fb704a8a.tar.gz