[systemd-devel] socket activation selinux context on create

Lennart Poettering lennart at poettering.net
Fri Sep 2 14:13:45 UTC 2022


On Fr, 02.09.22 09:04, Ted Toth (txtoth at gmail.com) wrote:

> I have set the type for the port in question using the 'semanage port'
> command so the loaded policy has a type which systemd should use when
> calling setsockcreatecon. It is my opinion that
> socket_determine_selinux_label function should query policy for the
> port type and if it has been set use it and if not fallback to its
> current behavior.

Sure, patch very welcome.

SELinux code really requires external contributions, none of the core
developers know SELinux too well to do feel confident to implement
that.

(consider filing an RFE issue on github, so that this is tracked)

Lennart

--
Lennart Poettering, Berlin


More information about the systemd-devel mailing list