I'm working on a proxy to encrypt rsync network communications using systemd socket activation (Accept=yes, SELinuxContextFromNet=true) so that the proxy is run at the level of the connection (the system is running the SELinux MLS policy). rsync has the same systemd socket activation configuration, as I want it to also run at the level of the connection.

When the proxy is activated it connects to 873 (rsync) and systemd logs an error:

Jun 7 18:19:25 comms systemd: Started fast remote file copy program daemon (127.0.0.1:53456).
Jun 7 18:19:25 comms systemd: Failed at step SELINUX_CONTEXT spawning /usr/bin/rsync: Protocol not available
Jun 7 18:19:25 comms systemd: rsyncd@16-127.0.0.1:873-127.0.0.1:53456.service: main process exited, code=exited, status=229/SELINUX_CONTEXT
Jun 7 18:19:25 comms systemd: Unit rsyncd@16-127.0.0.1:873-127.0.0.1:53456.service entered failed state.

Prior to connecting to 873 the proxy calls setsockcreatecon. I think that the error is coming from a systemd getpeercon call. What I'm confused about is why the socket would not have a context. Any ideas?

Another data point is that if I netcat directly to 873, systemd starts rsync without any issues. Also, if I proxy to another port (ex. 10000 instead of 873) and run a server on it, getpeercon of the connection from the proxy reports the expected context.

Ted

_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel