Security/Tizen 2.X systemd

From Tizen Wiki

Systemd?

  • systemd is a suite of basic building blocks for a Linux system.
    It provides a system and service manager that runs as PID 1 and starts the rest of the system.
  • You can find more information about systemd here.


Smack in Systemd

  • systemd supports several options for Smack.
  • systemd.unit
    • ConditionSecurity=
      • Used to check whether the given security module is enabled on the system. Currently the recognized values are selinux, apparmor, ima, smack and audit. The test may be negated by prepending an exclamation mark.
  • systemd.exec
    • SmackProcessLabel=
      • Takes a SMACK64 security label as argument. The process executed by the unit will be started under this label, and Smack will decide whether the process is allowed to run or not based on it.
  • systemd.socket
    • SmackLabel= SmackLabelIPIn= SmackLabelIPOut=
      • Takes a string value. Controls the extended attributes "security.SMACK64", "security.SMACK64IPIN" and "security.SMACK64IPOUT", respectively, i.e. the security label of the FIFO, or the security label for the incoming or outgoing connections of the socket, respectively.
  • Example

smack-default-labeling.service

[Unit]
Description=Default SMACK labeling
ConditionSecurity=smack
DefaultDependencies=no
Requires=smack.service local-fs.target tizen-system.target
After=smack.service local-fs.target tizen-system.target
Before=multi-user.target

[Service]
Type=oneshot
ExecStart=/etc/rc.d/init.d/smack_default_labeling

[Install]
WantedBy=tizen-runtime.target

dbus.socket

[Unit]
Description=D-Bus System Message Bus Socket

[Socket]
ListenStream=@DBUS_SYSTEM_SOCKET@
SmackLabelIPIn=*
SmackLabelIPOut=@
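
The two units above do not use SmackLabel= or SmackProcessLabel=. The following pair is an added example, not part of the original page or of Tizen's own unit files: a FIFO-activated daemon whose FIFO and process both carry an explicit Smack label. The unit names, the path /run/example-logger.fifo, the binary /usr/bin/example-logger and the label example-logger are all assumptions made for illustration.

```ini
# ---- example-logger.socket (hypothetical unit, constructed for illustration) ----
[Unit]
Description=Example logger FIFO
# Skip this unit when the kernel has no Smack support enabled.
ConditionSecurity=smack

[Socket]
ListenFIFO=/run/example-logger.fifo
SocketMode=0620
# Written to the security.SMACK64 extended attribute of the FIFO.
# Writers need a Smack rule granting them "w" access to this label.
SmackLabel=example-logger

[Install]
WantedBy=sockets.target

# ---- example-logger.service (hypothetical unit, activated by the socket above) ----
[Unit]
Description=Example logger
ConditionSecurity=smack

[Service]
ExecStart=/usr/bin/example-logger
# The daemon is started under this label rather than the label it would
# otherwise inherit from systemd, so Smack rules can be written against it.
SmackProcessLabel=example-logger
```

On a running system, the label actually applied to the FIFO can be checked by reading its security.SMACK64 extended attribute, and the label of the daemon by reading /proc/<pid>/attr/current.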