anitazha / rpms / systemd

Forked from rpms/systemd 3 years ago
Clone

Blame SOURCES/0367-selinux-pass-flag-to-correct-exec_spawn.patch

84b277
From c230e5e8efe72cf4137bf29a197059e5a23bb532 Mon Sep 17 00:00:00 2001
84b277
From: Michal Sekletar <msekleta@redhat.com>
84b277
Date: Mon, 13 Oct 2014 13:57:08 +0200
84b277
Subject: [PATCH] selinux: pass flag to correct exec_spawn
84b277
84b277
We want to spawn service with label passed by remote peer and not processes
84b277
spawned by socket unit itself.
84b277
84b277
RHEL-only patch
84b277
84b277
Related: #1113790
84b277
---
84b277
 src/core/service.c | 2 +-
84b277
 src/core/socket.c  | 2 +-
84b277
 2 files changed, 2 insertions(+), 2 deletions(-)
84b277
84b277
diff --git a/src/core/service.c b/src/core/service.c
84b277
index 7ef2b3a..635a953 100644
84b277
--- a/src/core/service.c
84b277
+++ b/src/core/service.c
84b277
@@ -1867,7 +1867,7 @@ static int service_spawn(
84b277
                        apply_chroot,
84b277
                        apply_tty_stdin,
84b277
                        UNIT(s)->manager->confirm_spawn,
84b277
-                       false,
84b277
+                       s->socket_fd_selinux_context_net,
84b277
                        UNIT(s)->manager->cgroup_supported,
84b277
                        path,
84b277
                        UNIT(s)->id,
84b277
diff --git a/src/core/socket.c b/src/core/socket.c
84b277
index 958d063..1a91700 100644
84b277
--- a/src/core/socket.c
84b277
+++ b/src/core/socket.c
84b277
@@ -1234,7 +1234,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
84b277
                        true,
84b277
                        true,
84b277
                        UNIT(s)->manager->confirm_spawn,
84b277
-                       s->selinux_context_from_net,
84b277
+                       false,
84b277
                        UNIT(s)->manager->cgroup_supported,
84b277
                        UNIT(s)->cgroup_path,
84b277
                        UNIT(s)->id,