Ted Toth <txtoth@xxxxxxxxx> writes:

> systemd uses a helper process (sd-listen) to create sockets and pass
> their fds back to its parent. I've patched systemd to call semanage to
> get the context for the port if it exists and create a context using
> the returned type when calling setsockcreatecon. Everything looks
> right, i.e. the port type is retrieved, the context is created and
> setsockcreatecon is called without errors. However 'netstat -Z' shows
> the listening sockets' type as init_t and not the type in the
> setsockcreatecon call. Is this the expected behavior? Can anyone help
> me understand why this is happening?

It is probably the context of the process listening on the port and not the context of the socket that binds to the port.

Also, I doubt you can rely on the presence of (lib)semanage (think small embedded devices with monolithic policy).

> Ted

--
gpg --locate-keys dominick.grift@xxxxxxxxxxx
Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098
Dominick Grift