selinux: figure out selinux context applied on exec() before closing all fds

We need original socket_fd around otherwise mac_selinux_get_child_mls_label fails with -EINVAL return code. Also don't call setexeccon twice but rather pass context value of SELinuxContext option as an extra argument.
author: Michal Sekletar <msekleta@redhat.com> 2014-11-12 13:53:27 +0100
committer: Lennart Poettering <lennart@poettering.net> 2014-12-04 03:00:01 +0100
commit: 9008e1ac925afcdef7b45042c03fa5444f1c52c2 (patch)
tree: bf56221d70f9c3acc210058e98294ba9f058aaf2 /src/shared/selinux-util.h
parent: fe0b9cd3ba25fb5063b6782983dde0a0c9915660 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/shared/selinux-util.h b/src/shared/selinux-util.h
index 7ff8c607b4..a694441000 100644
--- a/src/shared/selinux-util.h
+++ b/src/shared/selinux-util.h
@@ -36,7 +36,7 @@ int mac_selinux_apply(const char *path, const char *label);
 
 int mac_selinux_get_create_label_from_exe(const char *exe, char **label);
 int mac_selinux_get_our_label(char **label);
-int mac_selinux_get_child_mls_label(int socket_fd, const char *exec, char **label);
+int mac_selinux_get_child_mls_label(int socket_fd, const char *exe, const char *exec_label, char **label);
 void mac_selinux_free(char *label);
 
 int mac_selinux_create_file_prepare(const char *path, mode_t mode);
author	Michal Sekletar <msekleta@redhat.com>	2014-11-12 13:53:27 +0100
committer	Lennart Poettering <lennart@poettering.net>	2014-12-04 03:00:01 +0100
commit	9008e1ac925afcdef7b45042c03fa5444f1c52c2 (patch)
tree	bf56221d70f9c3acc210058e98294ba9f058aaf2 /src/shared/selinux-util.h
parent	fe0b9cd3ba25fb5063b6782983dde0a0c9915660 (diff)