socket: introduce SELinuxContextFromNet option

This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>
author: Michal Sekletar <msekleta@redhat.com> 2014-07-24 10:40:28 +0200
committer: Michal Sekletar <msekleta@redhat.com> 2014-09-19 12:32:06 +0200
commit: 16115b0a7b7cdf08fb38084d857d572d8a9088dc (patch)
tree: 2695c51cb8574ca2f1c6ea7bb90db11c4b5a88a2 /src/shared/label.h
parent: 863f3ce0d050f005839f6aa41fe7bac5478a7b5e (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/shared/label.h b/src/shared/label.h
index cb2ec79eea..ce1e5c3f57 100644
--- a/src/shared/label.h
+++ b/src/shared/label.h
@@ -40,6 +40,8 @@ void label_context_clear(void);
 void label_free(const char *label);
 
 int label_get_create_label_from_exe(const char *exe, char **label);
+int label_get_our_label(char **label);
+int label_get_child_mls_label(int socket_fd, const char *exec, char **label);
 
 int label_mkdir(const char *path, mode_t mode);
author	Michal Sekletar <msekleta@redhat.com>	2014-07-24 10:40:28 +0200
committer	Michal Sekletar <msekleta@redhat.com>	2014-09-19 12:32:06 +0200
commit	16115b0a7b7cdf08fb38084d857d572d8a9088dc (patch)
tree	2695c51cb8574ca2f1c6ea7bb90db11c4b5a88a2 /src/shared/label.h
parent	863f3ce0d050f005839f6aa41fe7bac5478a7b5e (diff)