X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fsocket.c;h=39652ef560300af2929ed611dd1184051fe41f7a;hb=0c2a5d721ece665618614d05049975ad84a9ee4a;hp=e9cf7b3e933c8a1b40831b91389f7e0d6a8a5797;hpb=7f416dae9bcf1cfb63689ee9ac851adf738f072b;p=elogind.git

diff --git a/src/core/socket.c b/src/core/socket.c
index e9cf7b3e9..39652ef56 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -967,7 +967,7 @@ static int fifo_address_create(
 
         mkdir_parents_label(path, directory_mode);
 
-        r = mac_selinux_context_set(path, S_IFIFO);
+        r = mac_selinux_create_file_prepare(path, S_IFIFO);
         if (r < 0)
                 goto fail;
 
@@ -990,7 +990,7 @@ static int fifo_address_create(
                 goto fail;
         }
 
-        mac_selinux_context_clear();
+        mac_selinux_create_file_clear();
 
         if (fstat(fd, &st) < 0) {
                 r = -errno;
@@ -1010,7 +1010,7 @@ static int fifo_address_create(
         return 0;
 
 fail:
-        mac_selinux_context_clear();
+        mac_selinux_create_file_clear();
         safe_close(fd);
 
         return r;
@@ -1120,7 +1120,7 @@ static int socket_symlink(Socket *s) {
                 return 0;
 
         STRV_FOREACH(i, s->symlinks)
-                symlink(p, *i);
+                symlink_label(p, *i);
 
         return 0;
 }
@@ -1150,7 +1150,7 @@ static int socket_open_fds(Socket *s) {
                                         /* Get it from the network label */
 
                                         r = mac_selinux_get_our_label(&label);
-                                        if (r < 0 && r != EOPNOTSUPP)
+                                        if (r < 0 && r != -EOPNOTSUPP)
                                                 goto rollback;
 
                                 } else {
@@ -1163,7 +1163,7 @@ static int socket_open_fds(Socket *s) {
                                         if (UNIT_ISSET(s->service) &&
                                             SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]) {
                                                 r = mac_selinux_get_create_label_from_exe(SERVICE(UNIT_DEREF(s->service))->exec_command[SERVICE_EXEC_START]->path, &label);
-                                                if (r < 0 && r != -EPERM && r != EOPNOTSUPP)
+                                                if (r < 0 && r != -EPERM && r != -EOPNOTSUPP)
                                                         goto rollback;
                                         }
                                 }
@@ -1414,6 +1414,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
         exec_params.confirm_spawn = UNIT(s)->manager->confirm_spawn;
         exec_params.cgroup_supported = UNIT(s)->manager->cgroup_supported;
         exec_params.cgroup_path = UNIT(s)->cgroup_path;
+        exec_params.cgroup_delegate = s->cgroup_context.delegate;
         exec_params.runtime_prefix = manager_get_runtime_prefix(UNIT(s)->manager);
         exec_params.unit_id = UNIT(s)->id;
 
@@ -1578,7 +1579,8 @@ static void socket_enter_signal(Socket *s, SocketState state, SocketResult f) {
         r = unit_kill_context(
                         UNIT(s),
                         &s->kill_context,
-                        state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM,
+                        (state != SOCKET_STOP_PRE_SIGTERM && state != SOCKET_FINAL_SIGTERM) ?
+                        KILL_KILL : KILL_TERMINATE,
                         -1,
                         s->control_pid,
                         false);