Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Skip to content
Commit b49bad80 authored by Stephen Smalley's avatar Stephen Smalley Committed by Steve Kondik
Browse files

Add support for socket security context specification. 



Add an optional argument to the socket option for specifying
a SELinux security context for the socket.  Normally the socket
security context is automatically computed from the service security
context or set using the seclabel option, but this facility allows
dealing with two scenarios that cannot be addressed using the existing
mechanisms:
1) Use of logwrapper to wrap a service.
In this case, init cannot determine the service security context
as it does not directly execute it and we do not want logwrapper
to run in the same domain as the service.

2) Situations where a service has multiple sockets and we want to
label them distinctly.

Change-Id: I7ae9088c326a2140e56a8044bfb21a91505aea11
Signed-off-by: default avatarStephen Smalley <sds@tycho.nsa.gov>

Conflicts:
	init/init.c
	init/util.c
parent f0c9dd46
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment