Re: [systemd-devel] [PATCH v4] socket: introduce SELinuxContextFromNet option

On Wed, 03.09.14 19:39, Lennart Poettering (lenn...@poettering.net) wrote: Michal, I reworked some parts of your patch a bit in current git, as retrieving a label is something that cannot be made a NOP on non-selinux-enabled systems. It either must fail with an error, or return something useful,

Re: [systemd-devel] [PATCH v4] socket: introduce SELinuxContextFromNet option

On Tue, 02.09.14 15:17, Michal Sekletar (msekl...@redhat.com) wrote: > > -int service_set_socket_fd(Service *s, int fd, Socket *sock) { > +int service_set_socket_fd(Service *s, int fd, Socket *sock, bool > selinux_context_net) { > _cleanup_free_ char *peer = NULL; > int r; >

[systemd-devel] [PATCH v4] socket: introduce SELinuxContextFromNet option

This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd. Reviewed-by: Paul Moore --- Changes in v4: * fixes in man pa