summaryrefslogtreecommitdiff
path: root/src/core/execute.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-08-19 19:16:08 +0200
committerLennart Poettering <lennart@poettering.net>2014-08-19 19:16:08 +0200
commit3bb07b7680c543c982077ac075abe8badeb46ca1 (patch)
tree958ea1a7da76d0cb817c30f2b6d1abad41e0691f /src/core/execute.c
parent8530dc4467691a893aa2e07319b18a84fec96cad (diff)
Revert "socket: introduce SELinuxLabelViaNet option"
This reverts commit cf8bd44339b00330fdbc91041d6731ba8aba9fec. Needs more discussion on the mailing list.
Diffstat (limited to 'src/core/execute.c')
-rw-r--r--src/core/execute.c23
1 files changed, 2 insertions, 21 deletions
diff --git a/src/core/execute.c b/src/core/execute.c
index 129791294e..d8452a666c 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -83,7 +83,6 @@
#include "af-list.h"
#include "mkdir.h"
#include "apparmor-util.h"
-#include "label.h"
#ifdef HAVE_SECCOMP
#include "seccomp-util.h"
@@ -1730,22 +1729,6 @@ int exec_spawn(ExecCommand *command,
goto fail_child;
}
}
-
- if (context->selinux_label_via_net && use_selinux()) {
- _cleanup_free_ char *label = NULL;
-
- err = label_get_child_label(socket_fd, command->path, &label);
- if (err < 0) {
- r = EXIT_SELINUX_CONTEXT;
- goto fail_child;
- }
-
- err = setexeccon(label);
- if (err < 0) {
- r = EXIT_SELINUX_CONTEXT;
- goto fail_child;
- }
- }
#endif
#ifdef HAVE_APPARMOR
@@ -2129,8 +2112,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
"%sPrivateDevices: %s\n"
"%sProtectHome: %s\n"
"%sProtectSystem: %s\n"
- "%sIgnoreSIGPIPE: %s\n"
- "%sSELinuxLabelViaNet: %s\n",
+ "%sIgnoreSIGPIPE: %s\n",
prefix, c->umask,
prefix, c->working_directory ? c->working_directory : "/",
prefix, c->root_directory ? c->root_directory : "/",
@@ -2140,8 +2122,7 @@ void exec_context_dump(ExecContext *c, FILE* f, const char *prefix) {
prefix, yes_no(c->private_devices),
prefix, protect_home_to_string(c->protect_home),
prefix, protect_system_to_string(c->protect_system),
- prefix, yes_no(c->ignore_sigpipe),
- prefix, yes_no(c->selinux_label_via_net));
+ prefix, yes_no(c->ignore_sigpipe));
STRV_FOREACH(e, c->environment)
fprintf(f, "%sEnvironment: %s\n", prefix, *e);