[systemd-devel] socket activation selinux context on create

Ted Toth txtoth at gmail.com
Wed Aug 24 16:50:55 UTC 2022


I don't see a way to set the context of the socket that systemd
listens on. If there is a way to do this, please tell me; otherwise I'd
like to see an option (SELinuxCreateContext?) added to be able to set
the context (setsockcreatecon) to be used by systemd when creating the
socket. Currently, as an extra layer of security, I add code called in
the socket activation ExecStartPre process to check that the source
context (peercon) can connect to the target context (getcon). If a
socket's context was set by systemd I would have to perform this
additional check as my SELinux policy would do it for me.

Ted

