swap: introduce Discard property

[elogind.git] / src / core / execute.c

diff --git a/src/core/execute.c b/src/core/execute.c
index 2b16b36c19b187853061f90c0918506086c94716..07ec7a28d642bb5b069973ca4bb9c9bee1deff58 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -84,6 +84,7 @@
 #include "mkdir.h"
 #include "apparmor-util.h"
 #include "bus-kernel.h"
+#include "label.h"
 
 #ifdef HAVE_SECCOMP
 #include "seccomp-util.h"
@@ -939,7 +940,7 @@ static void rename_process_from_path(const char *path) {
 
 #ifdef HAVE_SECCOMP
 
-static int apply_seccomp(ExecContext *c) {
+static int apply_seccomp(const ExecContext *c) {
         uint32_t negative_action, action;
         scmp_filter_ctx *seccomp;
         Iterator i;
@@ -988,7 +989,7 @@ finish:
         return r;
 }
 
-static int apply_address_families(ExecContext *c) {
+static int apply_address_families(const ExecContext *c) {
         scmp_filter_ctx *seccomp;
         Iterator i;
         int r;
@@ -1665,11 +1666,29 @@ static int exec_child(ExecCommand *command,
 #endif
 
 #ifdef HAVE_SELINUX
-                if (context->selinux_context && use_selinux()) {
-                        err = setexeccon(context->selinux_context);
-                        if (err < 0 && !context->selinux_context_ignore) {
-                                *error = EXIT_SELINUX_CONTEXT;
-                                return err;
+                if (use_selinux()) {
+                        if (context->selinux_context) {
+                                err = setexeccon(context->selinux_context);
+                                if (err < 0 && !context->selinux_context_ignore) {
+                                        *error = EXIT_SELINUX_CONTEXT;
+                                        return err;
+                                }
+                        }
+
+                        if (params->selinux_context_net && socket_fd >= 0) {
+                                _cleanup_free_ char *label = NULL;
+
+                                err = label_get_child_mls_label(socket_fd, command->path, &label);
+                                if (err < 0) {
+                                        *error = EXIT_SELINUX_CONTEXT;
+                                        return err;
+                                }
+
+                                err = setexeccon(label);
+                                if (err < 0) {
+                                        *error = EXIT_SELINUX_CONTEXT;
+                                        return err;
+                                }
                         }
                 }
 #endif
@@ -2547,6 +2566,31 @@ int exec_command_set(ExecCommand *c, const char *path, ...) {
         return 0;
 }
 
+int exec_command_append(ExecCommand *c, const char *path, ...) {
+        va_list ap;
+        char **l;
+        int r;
+
+        assert(c);
+        assert(path);
+
+        va_start(ap, path);
+        l = strv_new_ap(path, ap);
+        va_end(ap);
+
+        if (!l)
+                return -ENOMEM;
+
+        r = strv_extend_strv(&c->argv, l);
+        if (r < 0) {
+                strv_free(l);
+                return r;
+        }
+
+        return 0;
+}
+
+
 static int exec_runtime_allocate(ExecRuntime **rt) {
 
         if (*rt)