I'm testing a runner of a patch but what I'm seeing is
setsockcreatecon called (in a sd-listen process) with the context I've
set using 'semanage port -t' but then when I look at the listening
socket context (netstat -Z) it is still init_t and not the type set by
setsockcreatecon. I'm not clear abo
I think I figured out how to add libsemanage to the link, when you see
the patch you can tell me if I did it right.
On Tue, Sep 6, 2022 at 11:46 AM Ted Toth wrote:
>
> I'm working on a patch and adding a function to selinux_util.c which
> calls libsemanage functions but I don't know how to add th
I'm working on a patch and adding a function to selinux_util.c which
calls libsemanage functions but I don't know how to add this library
to the link of the systemd (libsystemd-shared-.so) shared
library as I'm not familiar with the build, how do I do this?
Also a lot of the semanage functions on f
On Fr, 02.09.22 09:04, Ted Toth (txt...@gmail.com) wrote:
> I have set the type for the port in question using the 'semanage port'
> command so the loaded policy has a type which systemd should use when
> calling setsockcreatecon. It is my opinion that
> socket_determine_selinux_label function sho
I have set the type for the port in question using the 'semanage port'
command so the loaded policy has a type which systemd should use when
calling setsockcreatecon. It is my opinion that
socket_determine_selinux_label function should query policy for the
port type and if it has been set use it an
On Do, 25.08.22 14:46, Ted Toth (txt...@gmail.com) wrote:
> I've tested setting the type of the port using semanage port -a
> however when I start the service netstat still shows the type as
> init_t. I don't know of any other way to get a type transition of a
> socket to happen, do you? I've als
I've tested setting the type of the port using semanage port -a
however when I start the service netstat still shows the type as
init_t. I don't know of any other way to get a type transition of a
socket to happen, do you? I've also posted to the selinux list but
haven't gotten any responses yet.
On Mi, 24.08.22 11:50, Ted Toth (txt...@gmail.com) wrote:
> I don't see a way to set the context of the socket that systemd
> listens on. If there is a way to do this please tell me otherwise I'd
> like to see an option (SELinuxCreateContext?) added to be able to set
> the context (setsockcreateco
I don't see a way to set the context of the socket that systemd
listens on. If there is a way to do this please tell me otherwise I'd
like to see an option (SELinuxCreateContext?) added to be able to set
the context (setsockcreatecon) to be used by systemd when creating the
socket. Currently as an