I'm testing a runner of a patch but what I'm seeing is
setsockcreatecon called (in a sd-listen process) with the context I've
set using 'semanage port -t' but then when I look at the listening
socket context (netstat -Z) it is still init_t and not the type set by
setsockcreatecon. I'm not clear
I think I figured out how to add libsemanage to the link, when you see
the patch you can tell me if I did it right.
On Tue, Sep 6, 2022 at 11:46 AM Ted Toth wrote:
>
> I'm working on a patch and adding a function to selinux_util.c which
> calls libsemanage functions but I don't know how to add
I'm working on a patch and adding a function to selinux_util.c which
calls libsemanage functions but I don't know how to add this library
to the link of the systemd (libsystemd-shared-.so) shared
library as I'm not familiar with the build, how do I do this?
Also a lot of the semanage functions on
On Fri, 02.09.22 09:04, Ted Toth (txt...@gmail.com) wrote:
> I have set the type for the port in question using the 'semanage port'
> command so the loaded policy has a type which systemd should use when
> calling setsockcreatecon. It is my opinion that
> socket_determine_selinux_label function
I have set the type for the port in question using the 'semanage port'
command so the loaded policy has a type which systemd should use when
calling setsockcreatecon. It is my opinion that
socket_determine_selinux_label function should query policy for the
port type and if it has been set use it
On Thu, 25.08.22 14:46, Ted Toth (txt...@gmail.com) wrote:
> I've tested setting the type of the port using semanage port -a
> however when I start the service netstat still shows the type as
> init_t. I don't know of any other way to get a type transition of a
> socket to happen, do you? I've
I've tested setting the type of the port using semanage port -a
however when I start the service netstat still shows the type as
init_t. I don't know of any other way to get a type transition of a
socket to happen, do you? I've also posted to the selinux list but
haven't gotten any responses yet.
On Wed, 24.08.22 11:50, Ted Toth (txt...@gmail.com) wrote:
> I don't see a way to set the context of the socket that systemd
> listens on. If there is a way to do this please tell me otherwise I'd
> like to see an option (SELinuxCreateContext?) added to be able to set
> the context