diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-08-19 19:16:08 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-08-19 19:16:08 +0200 |
commit | 3bb07b7680c543c982077ac075abe8badeb46ca1 (patch) | |
tree | 958ea1a7da76d0cb817c30f2b6d1abad41e0691f /src/core/execute.c | |
parent | 8530dc4467691a893aa2e07319b18a84fec96cad (diff) |
Revert "socket: introduce SELinuxLabelViaNet option"
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec.
Needs more discussion on the mailing list.
Diffstat (limited to 'src/core/execute.c')
-rw-r--r-- | src/core/execute.c | 23 |
1 files changed, 2 insertions, 21 deletions
diff --git a/src/core/execute.c b/src/core/execute.c index 129791294e..d8452a666c 100644 --- a/src/core/execute.c +++ b/src/core/execute.c @@ -83,7 +83,6 @@ #include "af-list.h" #include "mkdir.h" #include "apparmor-util.h" -#include "label.h" #ifdef HAVE_SECCOMP #include "seccomp-util.h" @@ -1730,22 +1729,6 @@ int exec_spawn(ExecCommand *command, goto fail_child; } } - - if (context->selinux_label_via_net && use_selinux()) { - _cleanup_free_ char *label = NULL; - - err = label_get_child_label(socket_fd, command->path, &label); - if (err < 0) { - r = EXIT_SELINUX_CONTEXT; - goto fail_child; - } - - err = setexeccon(label); - if (err < 0) { - r = EXIT_SELINUX_CONTEXT; - goto fail_child; - } - } #endif #ifdef HAVE_APPARMOR @@ -2129,8 +2112,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { "%sPrivateDevices: %s\n" "%sProtectHome: %s\n" "%sProtectSystem: %s\n" - "%sIgnoreSIGPIPE: %s\n" - "%sSELinuxLabelViaNet: %s\n", + "%sIgnoreSIGPIPE: %s\n", prefix, c->umask, prefix, c->working_directory ? c->working_directory : "/", prefix, c->root_directory ? c->root_directory : "/", @@ -2140,8 +2122,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) { prefix, yes_no(c->private_devices), prefix, protect_home_to_string(c->protect_home), prefix, protect_system_to_string(c->protect_system), - prefix, yes_no(c->ignore_sigpipe), - prefix, yes_no(c->selinux_label_via_net)); + prefix, yes_no(c->ignore_sigpipe)); STRV_FOREACH(e, c->environment) fprintf(f, "%sEnvironment: %s\n", prefix, *e); |