[systemd-devel] [PATCH v4] socket: introduce SELinuxContextFromNet option
Lennart Poettering
lennart at poettering.net
Wed Sep 3 10:39:01 PDT 2014
On Tue, 02.09.14 15:17, Michal Sekletar (msekleta at redhat.com) wrote:
>
> -int service_set_socket_fd(Service *s, int fd, Socket *sock) {
> +int service_set_socket_fd(Service *s, int fd, Socket *sock, bool selinux_context_net) {
> _cleanup_free_ char *peer = NULL;
> int r;
>
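Review bot: The new fourth parameter in the service_set_socket_fd() signature is a bare bool, so a call site will read as service_set_socket_fd(s, fd, sock, true) with nothing to say what is being switched on. A one-line comment at the definition tying selinux_context_net to the SELinuxContextFromNet= socket option would help. Because this changes the function's arity, the header prototype and every existing caller have to be updated in the same patch; none of those are visible in the quoted lines, so they are worth checking.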
> @@ -2743,6 +2744,8 @@ int service_set_socket_fd(Service *s, int fd, Socket *sock) {
> }
>
> s->socket_fd = fd;
> + s->socket_fd_selinux_context_net = selinux_context_net;
> +
>
> unit_ref_set(&s->accept_socket, UNIT(sock));
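Review bot: The assignment to s->socket_fd_selinux_context_net directly after s->socket_fd = fd is the only write to the flag shown here. The flag's lifetime should match that of the fd it describes. If the rest of the patch does not already do so, set it back to false wherever s->socket_fd is closed or reset, so that a stale true cannot outlive the connection it was set for.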
Nitpicking: There's one empty line too many here... separating this by
one empty line is good, two is too many.
> index 7ca8edb..eba17c0 100644
> --- a/src/core/socket.c
> +++ b/src/core/socket.c
> @@ -31,6 +31,10 @@
> #include <mqueue.h>
> #include <sys/xattr.h>
>
> +#ifdef HAVE_SELINUX
> +#include <selinux/selinux.h>
> +#endif
> +
This bit can go now, right? You are not calling into selinux libs
directly from socket.c now, are you?
Looks good otherwise!
Lennart
--
Lennart Poettering, Red Hat