systemd: add SMACK support option.

A new configuration option is available in systemd menu, to enable
support for SMACK.

For this feature to properly work, systemd requires attr (build
dependency, also used for other features) and smack (runtime dependency).

Signed-off-by: Eric Le Bihan <eric.le.bihan.dev@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

2 files changed, 27 insertions, 0 deletions

diff --git a/package/systemd/Config.in b/package/systemd/Config.in
index ce144155e2..58f76a5dbf 100644
--- a/package/systemd/Config.in
+++ b/package/systemd/Config.in
@@ -118,4 +118,18 @@ config BR2_PACKAGE_SYSTEMD_COMPAT
 
 	  This option enables the installation of compatibility *.pc files.
 
+config BR2_PACKAGE_SYSTEMD_SMACK_SUPPORT
+	bool "enable SMACK support"
+	select BR2_PACKAGE_ATTR
+	select BR2_PACKAGE_SMACK
+	help
+	  Enable support for SMACK, the Simple Mandatory Access Control
+	  Kernel, a minimal approach to Access Control implemented as a kernel
+	  LSM.
+
+	  This feature requires a kernel >= 3.8.
+
+	  When this feature is enabled, Systemd mounts smackfs and manages
+	  security labels for sockets.
+
 endif
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index ca51ddfd95..6de78872dd 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -63,6 +63,13 @@ else
 SYSTEMD_CONF_OPT += --disable-acl
 endif
 
+ifeq ($(BR2_PACKAGE_ATTR),y)
+SYSTEMD_CONF_OPT += --enable-attr
+SYSTEMD_DEPENDENCIES += attr
+else
+SYSTEMD_CONF_OPT += --disable-attr
+endif
+
 ifeq ($(BR2_PACKAGE_LIBGLIB2),y)
 SYSTEMD_CONF_OPT += --enable-gudev
 SYSTEMD_DEPENDENCIES += libglib2
@@ -105,6 +112,12 @@ else
 SYSTEMD_CONF_OPT += --disable-timesyncd
 endif
 
+ifeq ($(BR2_PACKAGE_SYSTEMD_SMACK_SUPPORT),y)
+SYSTEMD_CONF_OPT += --enable-smack
+else
+SYSTEMD_CONF_OPT += --disable-smack
+endif
+
 # mq_getattr needs -lrt
 SYSTEMD_MAKE_OPT += LIBS=-lrt
 SYSTEMD_MAKE_OPT += LDFLAGS+=-ldl