#include "af-list.h"
#include "mkdir.h"
#include "apparmor-util.h"
+#include "label.h"
#ifdef HAVE_SECCOMP
#include "seccomp-util.h"
i == EXEC_INPUT_TTY_FAIL,
i == EXEC_INPUT_TTY_FORCE,
false,
- (usec_t) -1);
+ USEC_INFINITY);
if (fd < 0)
return fd;
if (!line)
return -ENOMEM;
- r = ask(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
+ r = ask_char(response, "yns", "Execute %s? [Yes, No, Skip] ", line);
restore_confirm_stdio(&saved_stdin, &saved_stdout);
goto fail_child;
}
- if (context->timer_slack_nsec != (nsec_t) -1)
+ if (context->timer_slack_nsec != NSEC_INFINITY)
if (prctl(PR_SET_TIMERSLACK, context->timer_slack_nsec) < 0) {
err = -errno;
r = EXIT_TIMERSLACK;
goto fail_child;
}
}
+
+ if (context->selinux_label_via_net && use_selinux()) {
+ _cleanup_free_ char *label = NULL;
+
+ err = label_get_child_label(socket_fd, command->path, &label);
+ if (err < 0) {
+ r = EXIT_SELINUX_CONTEXT;
+ goto fail_child;
+ }
+
+ err = setexeccon(label);
+ if (err < 0) {
+ r = EXIT_SELINUX_CONTEXT;
+ goto fail_child;
+ }
+ }
#endif
#ifdef HAVE_APPARMOR
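Review bot: In the added SELinuxLabelViaNet block, `err = setexeccon(label);` stores libselinux's bare -1 instead of the real errno, so a failure to apply the peer-derived label would be reported as the wrong error; the timer-slack path just above uses `err = -errno;` for the same purpose. I would write it as `if (setexeccon(label) < 0) { err = -errno; r = EXIT_SELINUX_CONTEXT; goto fail_child; }`. Separately, `socket_fd` is passed to `label_get_child_label()` without any check; whether it can be negative at this point is not visible in the hunk, but if the option can be set on a unit that is not started from an accepted connection, the outcome should be an explicit decision. Failing closed as the block does now is the safer default for a labelling control, and it deserves a short comment such as `/* no connection socket: refuse to exec rather than run with the default label */`. The enclosing function starts and ends outside this hunk, so how this block interacts with the existing `setexeccon()` call before it cannot be judged from here.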
c->syslog_priority = LOG_DAEMON|LOG_INFO;
c->syslog_level_prefix = true;
c->ignore_sigpipe = true;
- c->timer_slack_nsec = (nsec_t) -1;
+ c->timer_slack_nsec = NSEC_INFINITY;
c->personality = 0xffffffffUL;
c->runtime_directory_mode = 0755;
}
return -EINVAL;
}
for (n = 0; n < count; n++) {
- k = load_env_file(pglob.gl_pathv[n], NULL, &p);
+ k = load_env_file(NULL, pglob.gl_pathv[n], NULL, &p);
if (k < 0) {
if (ignore)
continue;
"%sPrivateDevices: %s\n"
"%sProtectHome: %s\n"
"%sProtectSystem: %s\n"
- "%sIgnoreSIGPIPE: %s\n",
+ "%sIgnoreSIGPIPE: %s\n"
+ "%sSELinuxLabelViaNet: %s\n",
prefix, c->umask,
prefix, c->working_directory ? c->working_directory : "/",
prefix, c->root_directory ? c->root_directory : "/",
prefix, yes_no(c->private_devices),
prefix, protect_home_to_string(c->protect_home),
prefix, protect_system_to_string(c->protect_system),
- prefix, yes_no(c->ignore_sigpipe));
+ prefix, yes_no(c->ignore_sigpipe),
+ prefix, yes_no(c->selinux_label_via_net));
STRV_FOREACH(e, c->environment)
fprintf(f, "%sEnvironment: %s\n", prefix, *e);
fputs("\n", f);
}
- if (c->timer_slack_nsec != (nsec_t) -1)
+ if (c->timer_slack_nsec != NSEC_INFINITY)
fprintf(f, "%sTimerSlackNSec: "NSEC_FMT "\n", prefix, c->timer_slack_nsec);
fprintf(f,