Re: socket activation selinux context on create

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I'm working on a patch and adding a function to selinux_util.c which
calls libsemanage functions but I don't know how to add this library
to the link of the systemd (libsystemd-shared-<version>.so) shared
library as I'm not familiar with the build, how do I do this?
Also a lot of the semanage functions on failure do not set errno so
how should I log these failures, i.e. which log_ function should I
call?

Ted

On Fri, Sep 2, 2022 at 9:13 AM Lennart Poettering
<lennart@xxxxxxxxxxxxxx> wrote:
>
> On Fr, 02.09.22 09:04, Ted Toth (txtoth@xxxxxxxxx) wrote:
>
> > I have set the type for the port in question using the 'semanage port'
> > command so the loaded policy has a type which systemd should use when
> > calling setsockcreatecon. It is my opinion that
> > socket_determine_selinux_label function should query policy for the
> > port type and if it has been set use it and if not fallback to its
> > current behavior.
>
> Sure, patch very welcome.
>
> SELinux code really requires external contributions, none of the core
> developers know SELinux too well to do feel confident to implement
> that.
>
> (consider filing an RFE issue on github, so that this is tracked)
>
> Lennart
>
> --
> Lennart Poettering, Berlin
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux