X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fcore%2Fsocket.c;h=34ce1b1ffd54c6f84da894447aad23295884921f;hp=a16b20d739239dde9b0975f8a78d0c0dc48067be;hb=cf8bd44339b00330fdbc91041d6731ba8aba9fec;hpb=6c3e68e7c1adc6176526e69769bf2eba86cdd257 diff --git a/src/core/socket.c b/src/core/socket.c index a16b20d73..34ce1b1ff 100644 --- a/src/core/socket.c +++ b/src/core/socket.c @@ -31,6 +31,10 @@ #include #include +#ifdef HAVE_SELINUX +#include +#endif + #include "sd-event.h" #include "log.h" #include "load-dropin.h" @@ -488,7 +492,8 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { "%sPassCredentials: %s\n" "%sPassSecurity: %s\n" "%sTCPCongestion: %s\n" - "%sRemoveOnStop: %s\n", + "%sRemoveOnStop: %s\n" + "%sSELinuxLabelViaNet: %s\n", prefix, socket_state_to_string(s->state), prefix, socket_result_to_string(s->result), prefix, socket_address_bind_ipv6_only_to_string(s->bind_ipv6_only), @@ -503,7 +508,8 @@ static void socket_dump(Unit *u, FILE *f, const char *prefix) { prefix, yes_no(s->pass_cred), prefix, yes_no(s->pass_sec), prefix, strna(s->tcp_congestion), - prefix, yes_no(s->remove_on_stop)); + prefix, yes_no(s->remove_on_stop), + prefix, yes_no(s->selinux_label_via_net)); if (s->control_pid > 0) fprintf(f, @@ -1130,7 +1136,14 @@ static int socket_open_fds(Socket *s) { continue; if (p->type == SOCKET_SOCKET) { - +#ifdef HAVE_SELINUX + if (!know_label && s->selinux_label_via_net) { + r = getcon(&label); + if (r < 0) + return r; + know_label = true; + } +#endif if (!know_label) { r = socket_instantiate_service(s); @@ -1829,6 +1842,9 @@ static void socket_enter_running(Socket *s, int cfd) { cfd = -1; s->n_connections ++; + if (s->selinux_label_via_net) + service->exec_context.selinux_label_via_net = true; + r = manager_add_job(UNIT(s)->manager, JOB_START, UNIT(service), JOB_REPLACE, true, &error, NULL); if (r < 0) goto fail;