#include "selinux-setup.h"
#include "ima-setup.h"
#include "fileio.h"
+#include "smack-setup.h"
static enum {
ACTION_RUN,
goto finish;
if (ima_setup() < 0)
goto finish;
+ if (smack_setup() < 0)
+ goto finish;
}
if (label_init(NULL) < 0)
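Review bot: A negative return from smack_setup() now aborts startup through `goto finish`, yet nothing in this hunk shows what the function returns on a kernel without SMACK or when there are no rules to load. Failing closed on a broken policy load is the right default for an LSM, but only if the "not present" case is a clean 0; otherwise every non-SMACK system stops here. The contract is worth stating at the call, for example `/* smack_setup() returns 0 when SMACK is unavailable; only a failed policy load is fatal */`, once confirmed against the implementation behind smack-setup.h. The enclosing block opens outside the hunk.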
/* Mount /proc, /sys and friends, so that /proc/cmdline and
* /proc/$PID/fd is available. */
- if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) {
+ if (getpid() == 1) {
r = mount_setup(loaded_policy);
if (r < 0)
goto finish;
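Review bot: The comment above the new `if (getpid() == 1)` still only says why the API file systems are mounted, not why mounting is now restricted to PID 1. The same applies to the second replaced condition, in front of mount_cgroup_controllers(). With the `geteuid() == 0` test and the SYSTEMD_SKIP_API_MOUNTS check gone, a root-run instance that is not PID 1 depends on /proc and /sys already being mounted, and anything that still sets the variable is silently ignored. I would extend the comment with something like `/* Only PID 1 mounts the API file systems; any other instance relies on its parent environment providing /proc and /sys. */`. The changelog should also note that the environment override no longer exists. The enclosing function starts and ends outside the hunk.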
if (getpid() == 1)
install_crash_handler();
- if (geteuid() == 0 && !getenv("SYSTEMD_SKIP_API_MOUNTS")) {
+ if (getpid() == 1) {
r = mount_cgroup_controllers(arg_join_controllers);
if (r < 0)
goto finish;
}
r = manager_add_job(m, JOB_START, target, JOB_ISOLATE, false, &error, &default_unit_job);
- if (r < 0) {
- log_error("Failed to start default target: %s", bus_error(&error, r));
+ if (r == -EPERM) {
+ log_error("Default target could not be isolated, starting instead: %s", bus_error(&error, r));
+ dbus_error_free(&error);
+
+ r = manager_add_job(m, JOB_START, target, JOB_REPLACE, false, &error, &default_unit_job);
+ if (r < 0) {
+ log_error("Failed to start default target: %s", bus_error(&error, r));
+ dbus_error_free(&error);
+ goto finish;
+ }
+ } else if (r < 0) {
+ log_error("Failed to isolate default target: %s", bus_error(&error, r));
dbus_error_free(&error);
goto finish;
}
+
m->default_unit_job_id = default_unit_job->id;
after_startup = now(CLOCK_MONOTONIC);
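Review bot: The `r == -EPERM` branch treats any EPERM from manager_add_job() as "this target may not be isolated" and retries with JOB_REPLACE, but nothing documents that mapping. An EPERM raised for some other reason would take the same fallback unnoticed. A comment above the branch would pin the intent, for example `/* -EPERM: the target refuses isolation, so start it without isolating */`, with the wording checked against manager_add_job(). The fallback message is also logged with log_error() even though startup continues; `log_warning(...)` there would keep error level for the two paths that actually reach `goto finish`.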