selinux: figure out selinux context applied on exec() before closing all fds

We need original socket_fd around otherwise mac_selinux_get_child_mls_label fails with -EINVAL return code. Also don't call setexeccon twice but rather pass context value of SELinuxContext option as an extra argument. Signed-off-by: Anthony G. Basile <blueness@gentoo.org>
author: Michal Sekletar <msekleta@redhat.com> 2014-11-12 13:53:27 +0100
committer: Anthony G. Basile <blueness@gentoo.org> 2014-12-04 17:37:10 -0500
commit: a2e46b539b55e3115af65ae7a4c36e80a2ae6abc (patch)
tree: c454ceac6906cad69a2045d4d86854e325d945f6 /src/shared/selinux-util.h
parent: a0d05ead08a9dd4b0432889f10f41c53966dc13f (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h
index dffd144513..744b1bcf45 100644
--- a/src/shared/selinux-util.h
+++ b/src/shared/selinux-util.h
@@ -35,7 +35,7 @@ int mac_selinux_apply(const char *path, const char *label);
 
 int mac_selinux_get_create_label_from_exe(const char *exe, char **label);
 int mac_selinux_get_our_label(char **label);
-int mac_selinux_get_child_mls_label(int socket_fd, const char *exec, char **label);
+int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label);
 void mac_selinux_free(char *label);
 
 int mac_selinux_create_file_prepare(const char *path, mode_t mode);
author	Michal Sekletar <msekleta@redhat.com>	2014-11-12 13:53:27 +0100
committer	Anthony G. Basile <blueness@gentoo.org>	2014-12-04 17:37:10 -0500
commit	a2e46b539b55e3115af65ae7a4c36e80a2ae6abc (patch)
tree	c454ceac6906cad69a2045d4d86854e325d945f6 /src/shared/selinux-util.h
parent	a0d05ead08a9dd4b0432889f10f41c53966dc13f (diff)