[systemd-devel] systemd.socket man pages update suggestion

Mantas Mikulėnas grawity at gmail.com
Sat Jun 12 16:05:50 UTC 2021


On Thu, Jun 10, 2021 at 9:44 PM Ted Toth <txtoth at gmail.com> wrote:

>  SELinuxContextFromNet=
>            Takes a boolean argument. When true, systemd will attempt to
>            figure out the SELinux label used for the instantiated
>            service from the information handed by the peer over the
>            network. Note that only the security level is used from the
>            information provided by the peer. Other parts of the
>            resulting SELinux context originate from either the target
>            binary that is effectively triggered by socket unit or from
>            the value of the SELinuxContext= option. This configuration
>            option only affects sockets with Accept= mode set to "yes".
>            Also note that this option is useful only when MLS/MCS
>            SELinux policy is deployed. Defaults to "false".
>
> Add:
> One or more of the associated service files
> StandardInput/StandardOutput/StandardError options should be set to
> socket for this option to work.
>

IMHO that is a bit odd. I don't really see the reason why the option
wouldn't work with any Accept=yes service and would require stdin
specifically...

-- 
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20210612/f8338291/attachment.htm>


More information about the systemd-devel mailing list