[systemd-devel] socket activation selinux context on create
Ted Toth
txtoth at gmail.com
Tue Sep 6 16:46:45 UTC 2022
I'm working on a patch and adding a function to selinux_util.c which
calls libsemanage functions, but I don't know how to add this library
to the link of the systemd (libsystemd-shared-<version>.so) shared
library as I'm not familiar with the build. How do I do this?
Also, a lot of the semanage functions do not set errno on failure, so
how should I log these failures, i.e. which log_ function should I
call?
Ted
On Fri, Sep 2, 2022 at 9:13 AM Lennart Poettering
<lennart at poettering.net> wrote:
>
> On Fr, 02.09.22 09:04, Ted Toth (txtoth at gmail.com) wrote:
>
> > I have set the type for the port in question using the 'semanage port'
> > command so the loaded policy has a type which systemd should use when
> > calling setsockcreatecon. It is my opinion that the
> > socket_determine_selinux_label function should query policy for the
> > port type and, if it has been set, use it and, if not, fall back to its
> > current behavior.
>
> Sure, patch very welcome.
>
> SELinux code really requires external contributions, none of the core
> developers know SELinux too well to feel confident to implement
> that.
>
> (consider filing an RFE issue on github, so that this is tracked)
>
> Lennart
>
> --
> Lennart Poettering, Berlin