[systemd-devel] socket activation selinux context on create
Ted Toth
txtoth at gmail.com
Tue Sep 6 21:51:28 UTC 2022
I think I figured out how to add libsemanage to the link; when you see
the patch you can tell me if I did it right.
On Tue, Sep 6, 2022 at 11:46 AM Ted Toth <txtoth at gmail.com> wrote:
>
> I'm working on a patch and adding a function to selinux_util.c which
> calls libsemanage functions but I don't know how to add this library
> to the link of the systemd (libsystemd-shared-<version>.so) shared
> library as I'm not familiar with the build, how do I do this?
> Also a lot of the semanage functions on failure do not set errno so
> how should I log these failures, i.e. which log_ function should I
> call?
>
> Ted
>
> On Fri, Sep 2, 2022 at 9:13 AM Lennart Poettering
> <lennart at poettering.net> wrote:
> >
> > On Fr, 02.09.22 09:04, Ted Toth (txtoth at gmail.com) wrote:
> >
> > > I have set the type for the port in question using the 'semanage port'
> > > command so the loaded policy has a type which systemd should use when
> > > calling setsockcreatecon. It is my opinion that the
> > > socket_determine_selinux_label function should query policy for the
> > > port type and, if it has been set, use it and if not fall back to its
> > > current behavior.
> >
> > Sure, patch very welcome.
> >
> > SELinux code really requires external contributions; none of the core
> > developers know SELinux well enough to feel confident to implement
> > that.
> >
> > (consider filing an RFE issue on github, so that this is tracked)
> >
> > Lennart
> >
> > --
> > Lennart Poettering, Berlin
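
The lookup-then-fall-back behaviour proposed in the quoted message, as an added sketch that is not part of the thread or of systemd's code: it resolves a port's type from text in the column layout printed by `semanage port -l`, rather than through libsemanage. The sample listing, `example_app_port_t`, `fallback_type`, the function names and the narrowest-range-wins rule are assumptions of this example.

```python
import re

# Constructed sample in the layout of `semanage port -l` output:
# type, protocol, then comma-separated ports or low-high ranges.
SAMPLE_PORT_LISTING = """\
SELinux Port Type              Port Proto  Port Number

http_port_t                    tcp      80, 81, 443, 8008-8009
example_app_port_t             tcp      7777
unreserved_port_t              tcp      1024-32767, 61000-65535
unreserved_port_t              udp      1024-32767, 61000-65535
"""

ROW = re.compile(r"^(\S+)\s+(tcp|udp|dccp|sctp)\s+(.+)$")


def parse_port_listing(text):
    """Return (type, proto, low, high) tuples, one per port or range."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header, blank line, or unrecognised row
        port_type, proto, ports = m.groups()
        for item in ports.split(","):
            low, _, high = item.strip().partition("-")
            entries.append((port_type, proto, int(low), int(high or low)))
    return entries


def lookup_port_type(entries, proto, port):
    """Type of the narrowest range covering (proto, port), or None.

    Narrowest-range-wins is an assumption of this sketch so that a
    specific assignment beats a catch-all range such as 1024-32767.
    """
    matches = [e for e in entries if e[1] == proto and e[2] <= port <= e[3]]
    if not matches:
        return None
    return min(matches, key=lambda e: e[3] - e[2])[0]


def socket_create_type(entries, proto, port, fallback_type):
    """Use the port's type if policy assigns one, else the existing choice."""
    return lookup_port_type(entries, proto, port) or fallback_type
```
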