socket: introduce SELinuxContextFromNet option

System Internals / systemd - Michal Sekletar [redhat.com] - 19 September 2014 05:32 UTC

This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer.

Implementation of label_get_child_mls_label derived from xinetd.

16115b0 socket: introduce SELinuxContextFromNet option
man/systemd.socket.xml | 26 ++++++++
src/core/execute.c | 29 +++++++--
src/core/execute.h | 1 +
src/core/load-fragment-gperf.gperf.m4 | 3 +
src/core/service.c | 4 +-
src/core/service.h | 3 +-
src/core/socket.c | 16 +++--
src/core/socket.h | 2 +
src/shared/label.c | 113 +++++++++++++++++++++++++++++++++
src/shared/label.h | 2 +
10 files changed, 187 insertions(+), 12 deletions(-)

Upstream: github.com

Related systemd Activity

socket: add SocketUser= and SocketGroup= for chown()ing sockets in the file system
Lennart Poettering

Recent systemd Activity

hwdb: add Medion Akoya E2228T MD61900 (#18317)
corvusnix

varlink: make 'userdata' pointer inheritance from varlink server to connection optional
Lennart Poettering

udev: use DEFINE_MAIN_FUNCTION in cdrom_id
Dan Streetman

network: add support to RoutingPolicyRule lookup table name
Susant Sahani

resolved: fix use-after-free with queries hitting the cache
Zbigniew Jędrzejewski-Szmek

socket: introduce SELinuxContextFromNet option

System Internals / systemd - Michal Sekletar [redhat.com] - 19 September 2014 05:32 UTC

Related systemd Activity

Share

Recent systemd Activity