From 7a58bfa4aef88c9ddead6668d83640f762938e72 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Thu, 22 Jul 2010 17:01:25 -0400
Subject: socket: SELinux support for socket creation.
It seems to work on my machine. /proc/1/fd/20 system_u:system_r:system_dbusd_t:s0 /proc/1/fd/21 system_u:system_r:avahi_t:s0 And the AVC's seem to have dissapeared when a confined app trys to connect to dbus or avahi. If you run with this patch and selinux-policy-3.8.8-3.fc14.noarch You should be able to boot in enforcing mode.
---
 src/socket-util.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'src/socket-util.h')
diff --git a/src/socket-util.h b/src/socket-util.h
index 68c579b035..841570f002 100644
--- a/src/socket-util.h
+++ b/src/socket-util.h
@@ -26,6 +26,7 @@
 #include
 #include
 #include
+#include
 #include "macro.h"
 #include "util.h"
@@ -71,7 +72,7 @@ int socket_address_listen(
 bool free_bind,
 mode_t directory_mode,
 mode_t socket_mode,
- /* FIXME SELINUX: pass SELinux context object here */
+ security_context_t scon,
 int *ret);
 bool socket_address_is(const SocketAddress *a, const char *s, int type);
-- cgit v1.2.3-54-g00ecf
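Review bot: The new `security_context_t scon,` parameter in the `socket_address_listen` prototype ties this shared header to the SELinux header added unguarded in the first hunk (its name is not visible on this page), so every file that includes socket-util.h would need the libselinux headers at build time, even in a build without SELinux. Since `security_context_t` is a plain `char *` typedef in libselinux, declaring the parameter as `const char *scon,` would let the `#include` move into the .c file, or behind the project's SELinux build guard if it has one. The parameter also replaces the FIXME comment without documenting its contract; a comment such as `/* scon: SELinux context for the new socket, NULL for the default label; callee does not take ownership (confirm) */` would tell callers what to pass. Whether the implementation fails closed when the label cannot be applied in enforcing mode cannot be judged from this header. The prototype begins outside the hunk.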