[systemd-devel] systemd.socket man pages update suggestion
Mantas Mikulėnas
grawity at gmail.com
Sat Jun 12 16:05:50 UTC 2021
On Thu, Jun 10, 2021 at 9:44 PM Ted Toth <txtoth at gmail.com> wrote:
> SELinuxContextFromNet=
> Takes a boolean argument. When true, systemd will attempt to
> figure out the SELinux label used for the instantiated
> service from the information handed by the peer over the
> network. Note that only the security level is used from the
> information provided by the peer. Other parts of the
> resulting SELinux context originate from either the target
> binary that is effectively triggered by socket unit or from
> the value of the SELinuxContext= option. This configuration
> option only affects sockets with Accept= mode set to "yes".
> Also note that this option is useful only when MLS/MCS
> SELinux policy is deployed. Defaults to "false".
>
> Add:
> One or more of the associated service files
> StandardInput/StandardOutput/StandardError options should be set to
> socket for this option to work.
>
IMHO that is a bit odd. I don't really see the reason why the option
wouldn't work with any Accept=yes service and would require stdin
specifically...
--
Mantas Mikulėnas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20210612/f8338291/attachment.htm>
More information about the systemd-devel
mailing list