[systemd-devel] This patch adds SELinux support to systemd for socket creation.
Lennart Poettering
lennart at poettering.net
Thu Jul 22 20:11:14 PDT 2010
On Thu, 22.07.10 17:01, Daniel J Walsh (dwalsh at redhat.com) wrote:
> if ((r = socket_instantiate_service(s)) < 0)
>         return r;
>
> log_debug("Socket unit %s will spawn service unit %s with executable path %s.",
>           s->meta.id,
>           s->service->meta.id,
>           s->service->exec_command[SERVICE_EXEC_START]->path);
> */
>
>
> Was I supposed to uncomment this code or was this already called earlier
> in the code?

Yupp. It isn't necessary for the avahi/dbus cases but for
one-instance-per-connection daemons in classic inetd style (which we
want to use for sshd) this matters.

Thanks a lot for your patches. Very much appreciated! I have now merged
it and uncommented that one line. I also added a call to
setsockcreatecon(NULL) after the socket() call, I presume it was just
forgotten?

I think util.[ch] might actually be a better place for
selinux_getconfromexe() and selinux_getfileconfrompath(). I haven't
moved them there for now, since that would mean dropping the "static",
and since they have the selinux_ prefix they might then clash with other
symbols from the libselinux library namespace? I presume that libselinux
should be the sole owner of the selinux_xxx namespace?

Thanks,
Lennart
--
Lennart Poettering - Red Hat, Inc.
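
The setsockcreatecon(NULL) reset discussed in the message above matters because the socket-creation context stays in effect for later socket() calls by the same thread until it is cleared. The sketch below is an added example, not code from the patch or from systemd: labeled_socket() and fake_setsockcreatecon() are hypothetical names, the label is a constructed sample, and the setter is passed as a function pointer so the block runs without libselinux (in real use, pass setsockcreatecon from <selinux/selinux.h> and link with -lselinux).

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Same signature as libselinux's setsockcreatecon(); taken as a parameter
 * so this sketch compiles and runs without libselinux installed. */
typedef int (*sockcreatecon_fn)(const char *context);

/* Hypothetical helper: create a socket labelled `label`, then always clear
 * the socket-creation context again. Returns the fd, or -errno on failure. */
int labeled_socket(sockcreatecon_fn setcon, const char *label,
                   int domain, int type, int protocol)
{
    int fd, err = 0;

    if (label && setcon(label) < 0)
        return -errno;

    fd = socket(domain, type, protocol);
    if (fd < 0)
        err = errno;            /* save before the reset can clobber it */
    /* Reset on success AND on failure, otherwise every later socket()
     * in this thread silently inherits `label`. */
    if (label && setcon(NULL) < 0 && err == 0) {
        err = errno ? errno : EIO;
        close(fd);              /* do not hand out a socket in an unknown state */
    }
    return err ? -err : fd;
}

/* Constructed stand-in for setsockcreatecon() that records its arguments. */
static const char *fake_calls[4];
static int fake_ncalls;

int fake_setsockcreatecon(const char *context)
{
    fake_calls[fake_ncalls++ % 4] = context;
    return 0;
}

int main(void)
{
    /* Constructed label and a deliberately invalid domain (-1): socket() fails. */
    int r = labeled_socket(fake_setsockcreatecon,
                           "system_u:object_r:example_t:s0", -1, SOCK_STREAM, 0);
    printf("r=%d, setter calls=%d, last arg is NULL: %d\n",
           r, fake_ncalls, fake_calls[fake_ncalls - 1] == NULL);
    return 0;
}
```
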