31 lines
1.2 KiB
Diff
31 lines
1.2 KiB
Diff
From 4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d Mon Sep 17 00:00:00 2001
|
|
From: Yu Watanabe <watanabe.yu+github@gmail.com>
|
|
Date: Mon, 1 Nov 2021 13:48:32 +0900
|
|
Subject: [PATCH] core: ignore failure on setting smack process label when
|
|
allowed
|
|
|
|
(cherry picked from commit 29ff62473b119c0e1d3467148eddcdccc2c9b732)
|
|
|
|
Conflict:NA
|
|
Reference:https://github.com/systemd/systemd/commit/4e057fc39be6ce27afcf0371ebcb7e224a7eeb2d
|
|
---
|
|
src/core/execute.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/core/execute.c b/src/core/execute.c
|
|
index e324db87cc..2f2de4d9cf 100644
|
|
--- a/src/core/execute.c
|
|
+++ b/src/core/execute.c
|
|
@@ -4408,7 +4408,7 @@ static int exec_child(
|
|
* process. This is the latest place before dropping capabilities. Other MAC context are set later. */
|
|
if (use_smack) {
|
|
r = setup_smack(context, executable_fd);
|
|
- if (r < 0) {
|
|
+ if (r < 0 && !context->smack_process_label_ignore) {
|
|
*exit_status = EXIT_SMACK_PROCESS_LABEL;
|
|
return log_unit_error_errno(unit, r, "Failed to set SMACK process label: %m");
|
|
}
|
|
--
|
|
2.33.0
|
|
|