#include <security/pam_appl.h>
#endif
+#ifdef HAVE_SELINUX
+#include <selinux/selinux.h>
+#endif
+
#include "execute.h"
#include "strv.h"
#include "macro.h"
#include "fileio.h"
#include "unit.h"
#include "async.h"
+#include "selinux-util.h"
#define IDLE_TIMEOUT_USEC (5*USEC_PER_SEC)
#define IDLE_TIMEOUT2_USEC (1*USEC_PER_SEC)
goto fail_child;
}
}
+#ifdef HAVE_SELINUX
+ if (context->selinux_context && use_selinux()) {
+ bool ignore;
+ char* c;
+
+ c = context->selinux_context;
+ if (c[0] == '-') {
+ c++;
+ ignore = true;
+ } else
+ ignore = false;
+
+ err = setexeccon(c);
+ if (err < 0 && !ignore) {
+ r = EXIT_SELINUX_CONTEXT;
+ goto fail_child;
+ }
+ }
+#endif
}
err = build_environment(context, n_fds, watchdog_usec, home, username, shell, &our_env);
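Review bot: When setexeccon() fails and the context is not `-`-prefixed, `err` reaches fail_child as the raw -1 that libselinux returns rather than a negative errno, so if the fail_child path reports `strerror(-err)` as the other steps in this function appear to, every SELinux failure will be logged as EPERM regardless of the real cause (EINVAL for a malformed context, EACCES for a policy denial). Capture errno at the call site instead: `if (setexeccon(c) < 0 && !ignore) { err = -errno; r = EXIT_SELINUX_CONTEXT; goto fail_child; }`. The best-effort `-` form also swallows the failure with no trace, which means the service silently keeps running in the manager's own SELinux domain; a debug log once logging is open in the child would make that visible to an operator. The enclosing function and the fail_child label lie outside this hunk.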
free(c->utmp_id);
c->utmp_id = NULL;
+ free(c->selinux_context);
+ c->selinux_context = NULL;
+
free(c->syscall_filter);
c->syscall_filter = NULL;
}
fprintf(f,
"%sUtmpIdentifier: %s\n",
prefix, c->utmp_id);
+
+ if (c->selinux_context)
+ fprintf(f,
+ "%sSELinuxContext: %s\n",
+ prefix, c->selinux_context);
}
void exec_status_start(ExecStatus *s, pid_t pid) {