From 16115b0a7b7cdf08fb38084d857d572d8a9088dc Mon Sep 17 00:00:00 2001
From: Michal Sekletar
Date: Thu, 24 Jul 2014 10:40:28 +0200
Subject: socket: introduce SELinuxContextFromNet option

This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd.
Reviewed-by: Paul Moore
---
 src/core/service.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/core/service.h')
diff --git a/src/core/service.h b/src/core/service.h
index ad0b3b381e..0db0c4d64c 100644
--- a/src/core/service.h
+++ b/src/core/service.h
@@ -161,6 +161,7 @@ struct Service {
 pid_t main_pid, control_pid;
 int socket_fd;
+ bool socket_fd_selinux_context_net;
 int bus_endpoint_fd;
@@ -205,7 +206,7 @@ extern const UnitVTable service_vtable;
 struct Socket;
-int service_set_socket_fd(Service *s, int fd, struct Socket *socket);
+int service_set_socket_fd(Service *s, int fd, struct Socket *socket, bool selinux_context_net);
 const char* service_state_to_string(ServiceState i) _const_;
 ServiceState service_state_from_string(const char *s) _pure_;
--
cgit v1.2.3-54-g00ecf
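Review bot: The new `socket_fd_selinux_context_net` field in `struct Service` has no comment tying it to `socket_fd`, although per the commit message it selects a child SELinux label built from information supplied by the connected peer. I would add `/* meaningful only while socket_fd is set: derive the instance's MLS/MCS label from the connected peer */` above the field, and a matching one-line comment on the new `selinux_context_net` parameter of `service_set_socket_fd()` in the second hunk, since a bare `true`/`false` at the call site says nothing about the security decision being made. This view is limited to service.h, so it does not show whether the flag is cleared wherever `socket_fd` is released or carried across serialization; if it is not, a reused Service could presumably keep a stale value, which is worth confirming in service.c. The struct body starts and ends outside the first hunk.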