[systemd-devel] [PATCH] selinux: figure out selinux context applied on exec() before closing all fds

[Lennart Poettering]

On Wed, 12.11.14 13:53, Michal Sekletar (msekleta at redhat.com) wrote:

> We need original socket_fd around otherwise mac_selinux_get_child_mls_label
> fails with -EINVAL return code. Also don't call setexeccon twice but rather pass
> context value of SELinuxContext option as an extra argument.

OK, applied!

I trust this is tested and does the right thing, my SELinux-fu is way
too limited to really understand MLS and all this fancy stuff, in
order to verify that this is all OK.

Thanks,

Lennart

-- 
Lennart Poettering, Red Hat