#include "mkdir.h"
#include "apparmor-util.h"
#include "bus-kernel.h"
+#include "label.h"
#ifdef HAVE_SECCOMP
#include "seccomp-util.h"
#endif
#ifdef HAVE_SELINUX
- if (context->selinux_context && use_selinux()) {
- err = setexeccon(context->selinux_context);
- if (err < 0 && !context->selinux_context_ignore) {
- *error = EXIT_SELINUX_CONTEXT;
- return err;
+ if (use_selinux()) {
+ if (context->selinux_context) {
+ err = setexeccon(context->selinux_context);
+ if (err < 0 && !context->selinux_context_ignore) {
+ *error = EXIT_SELINUX_CONTEXT;
+ return err;
+ }
+ }
+
+ if (params->selinux_context_net && socket_fd >= 0) {
+ _cleanup_free_ char *label = NULL;
+
+ err = label_get_child_mls_label(socket_fd, command->path, &label);
+ if (err < 0) {
+ *error = EXIT_SELINUX_CONTEXT;
+ return err;
+ }
+
+ err = setexeccon(label);
+ if (err < 0) {
+ *error = EXIT_SELINUX_CONTEXT;
+ return err;
+ }
}
}
#endif
return 0;
}
+int exec_command_append(ExecCommand *c, const char *path, ...) {
+ _cleanup_strv_free_ char **l = NULL;
+ va_list ap;
+ int r;
+
+ assert(c);
+ assert(path);
+
+ va_start(ap, path);
+ l = strv_new_ap(path, ap);
+ va_end(ap);
+
+ if (!l)
+ return -ENOMEM;
+
+ r = strv_extend_strv(&c->argv, l);
+ if (r < 0)
+ return r;
+
+ return 0;
+}
+
+
static int exec_runtime_allocate(ExecRuntime **rt) {
if (*rt)