[systemd-devel] socket activation socket context when using SELinuxContextFromNet

Ted Toth txtoth at gmail.com
Mon Sep 12 18:26:09 UTC 2022


I've been looking at the issue of systemd setting the socket
activation socket context to init_t when using SELinuxContextFromNet.
My initial thought was to use the port context set by running semanage
and compute the socket context using a type transition for the port
type to a socket type. However, after consulting the SELinux community,
the consensus is not to do this but rather to simply use the target
executable's context. Currently systemd does compute the executable's
context when SELinuxContextFromNet is not used. Can anyone explain why
the computed executable's context is not used when
SELinuxContextFromNet is set?

Ted

