From 7b52a628f8b43ba521c302a7f32bccf9d0dc8bfd Mon Sep 17 00:00:00 2001
From: Michael Scherer <misc@zarb.org>
Date: Thu, 6 Feb 2014 10:05:16 +0100
Subject: exec: Add SELinuxContext configuration item
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This permit to let system administrators decide of the domain of a service.
This can be used with templated units to have each service in a différent
domain ( for example, a per customer database, using MLS or anything ),
or can be used to force a non selinux enabled system (jvm, erlang, etc)
to start in a different domain for each service.
---
 man/systemd.exec.xml | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'man/systemd.exec.xml')

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 7eaf52bc5b..4281c03cf6 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -950,6 +950,17 @@
                                 this service.</para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><varname>SELinuxContext=</varname></term>
+
+                                <listitem><para>Set the SELinux context of the
+                                executed process. If set, this will override the
+                                automated domain transition. However, the policy
+                                still need to autorize the transition. See
+                                <citerefentry><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
+                                for details.</para></listitem>
+                        </varlistentry>
+
                         <varlistentry>
                                 <term><varname>IgnoreSIGPIPE=</varname></term>
 
-- 
cgit v1.2.3-54-g00ecf