On Wed, Aug 27, 2014 at 04:45:32AM +0200, Zbigniew Jędrzejewski-Szmek wrote:
> On Mon, Aug 25, 2014 at 10:02:58AM +0200, Michal Sekletar wrote:
> >
> > +
> > SELinuxContextFromNet=
> > +Takes a boolean
> > +
On Thu, 28.08.14 12:56, Michal Sekletar (msekl...@redhat.com) wrote:
> On Tue, Aug 26, 2014 at 08:54:01PM +0200, Lennart Poettering wrote:
> > On Mon, 25.08.14 10:02, Michal Sekletar (msekl...@redhat.com) wrote:
> >
> > > +int label_get_our_label(char **label) {
> > > +int r = 0;
> > > +
On Tue, Aug 26, 2014 at 08:54:01PM +0200, Lennart Poettering wrote:
> On Mon, 25.08.14 10:02, Michal Sekletar (msekl...@redhat.com) wrote:
>
> > +int label_get_our_label(char **label) {
> > +int r = 0;
> > +char *l = NULL;
> > +
> > +#ifdef HAVE_SELINUX
> > +r = getcon(&l);
On Wed, 27.08.14 04:45, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> > +}
> > +
> > +bcon = context_new(mycon);
> > +if (!bcon)
> > +goto out;
> This will return 0. Should return log_oom() or ENOMEM instead?
Please use ENOMEM here, don't use log
On Mon, Aug 25, 2014 at 10:02:58AM +0200, Michal Sekletar wrote:
>
> +
> SELinuxContextFromNet=
> +Takes a boolean
> +value. Controls whether systemd attempts to
> figure out
> +
On Mon, 25.08.14 10:02, Michal Sekletar (msekl...@redhat.com) wrote:
> +int label_get_our_label(char **label) {
> +int r = 0;
> +char *l = NULL;
> +
> +#ifdef HAVE_SELINUX
> +r = getcon(&l);
> +if (r < 0)
> +return r;
> +
> +*label = l;
> +#e
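Review bot: In label_get_our_label(), `r = getcon(&l); if (r < 0) return r;` hands getcon()'s raw return value back to the caller. getcon() signals failure with -1 and leaves the cause in errno, so a caller that expects a negative errno-style code sees -1 for every failure; returning `-errno` at that point would preserve the real cause. The function also gives no hint about ownership of `*label`: a one-line comment saying the caller must release it with freecon() would make the contract clear.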
This makes it possible to spawn service instances triggered by socket with
MLS/MCS SELinux labels which are created based on information provided by
connected peer.
Implementation of label_get_child_mls_label derived from xinetd.
Reviewed-by: Paul Moore
---
Changes in v3:
* renamed option