socket: introduce SELinuxContextFromNet option

This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>
author: Michal Sekletar <msekleta@redhat.com> 2014-07-24 10:40:28 +0200
committer: Michal Sekletar <msekleta@redhat.com> 2014-09-19 12:32:06 +0200
commit: 16115b0a7b7cdf08fb38084d857d572d8a9088dc (patch)
tree: 2695c51cb8574ca2f1c6ea7bb90db11c4b5a88a2 /src/core/socket.h
parent: 863f3ce0d050f005839f6aa41fe7bac5478a7b5e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/core/socket.h b/src/core/socket.h
index eede70564a..a2e08998c0 100644
--- a/src/core/socket.h
+++ b/src/core/socket.h
@@ -165,6 +165,8 @@ struct Socket {
         char *smack_ip_in;
         char *smack_ip_out;
 
+        bool selinux_context_from_net;
+
         char *user, *group;
 };
author	Michal Sekletar <msekleta@redhat.com>	2014-07-24 10:40:28 +0200
committer	Michal Sekletar <msekleta@redhat.com>	2014-09-19 12:32:06 +0200
commit	16115b0a7b7cdf08fb38084d857d572d8a9088dc (patch)
tree	2695c51cb8574ca2f1c6ea7bb90db11c4b5a88a2 /src/core/socket.h
parent	863f3ce0d050f005839f6aa41fe7bac5478a7b5e (diff)