core: ignore failure on setting smack process label when allowed

author Yu Watanabe <watanabe.yu+github@gmail.com>

Mon, 1 Nov 2021 04:48:32 +0000 (13:48 +0900)

committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>

Wed, 10 Nov 2021 14:01:30 +0000 (15:01 +0100)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Mon, 1 Nov 2021 04:48:32 +0000 (13:48 +0900)
committer Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Wed, 10 Nov 2021 14:01:30 +0000 (15:01 +0100)
diff --git a/src/core/execute.c b/src/core/execute.c

index e324db87ccdeca24ec70901ccdfaeff3156a265c..2f2de4d9cfa7d0e0808d54d4a4790cfd3cfc43c6 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -4408,7 +4408,7 @@ static int exec_child(
                   * process. This is the latest place before dropping capabilities. Other MAC context are set later. */
                  if (use_smack) {
                          r = setup_smack(context, executable_fd);
-                        if (r < 0) {
+                        if (r < 0 && !context->smack_process_label_ignore) {
                                  *exit_status = EXIT_SMACK_PROCESS_LABEL;
                                  return log_unit_error_errno(unit, r, "Failed to set SMACK process label: %m");
                          }
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Mon, 1 Nov 2021 04:48:32 +0000 (13:48 +0900)
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
	Wed, 10 Nov 2021 14:01:30 +0000 (15:01 +0100)