socket: introduce SELinuxContextFromNet option

This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>
author: Michal Sekletar <msekleta@redhat.com> 2014-07-24 10:40:28 +0200
committer: Michal Sekletar <msekleta@redhat.com> 2014-09-19 12:32:06 +0200
commit: 16115b0a7b7cdf08fb38084d857d572d8a9088dc (patch)
tree: 2695c51cb8574ca2f1c6ea7bb90db11c4b5a88a2 /src/core/service.c
parent: 863f3ce0d050f005839f6aa41fe7bac5478a7b5e (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/src/core/service.c b/src/core/service.c
index 3f6595c5c8..395e0ca8c6 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -901,6 +901,7 @@ static int service_spawn(
                 .apply_chroot      = apply_chroot,
                 .apply_tty_stdin   = apply_tty_stdin,
                 .bus_endpoint_fd   = -1,
+                .selinux_context_net = s->socket_fd_selinux_context_net
         };
 
         assert(s);
@@ -2748,7 +2749,7 @@ static void service_bus_name_owner_change(
         }
 }
 
-int service_set_socket_fd(Service *s, int fd, Socket *sock) {
+int service_set_socket_fd(Service *s, int fd, Socket *sock, bool selinux_context_net) {
         _cleanup_free_ char *peer = NULL;
         int r;
 
@@ -2786,6 +2787,7 @@ int service_set_socket_fd(Service *s, int fd, Socket *sock) {
         }
 
         s->socket_fd = fd;
+        s->socket_fd_selinux_context_net = selinux_context_net;
 
         unit_ref_set(&s->accept_socket, UNIT(sock));
author	Michal Sekletar <msekleta@redhat.com>	2014-07-24 10:40:28 +0200
committer	Michal Sekletar <msekleta@redhat.com>	2014-09-19 12:32:06 +0200
commit	16115b0a7b7cdf08fb38084d857d572d8a9088dc (patch)
tree	2695c51cb8574ca2f1c6ea7bb90db11c4b5a88a2 /src/core/service.c
parent	863f3ce0d050f005839f6aa41fe7bac5478a7b5e (diff)