From c230e5e8efe72cf4137bf29a197059e5a23bb532 Mon Sep 17 00:00:00 2001

From: Michal Sekletar <msekleta@redhat.com>

Date: Mon, 13 Oct 2014 13:57:08 +0200

Subject: [PATCH] selinux: pass flag to correct exec_spawn

We want to spawn service with label passed by remote peer and not processes

spawned by socket unit itself.

RHEL-only patch

Related: #1113790

---

 src/core/service.c | 2 +-

 src/core/socket.c  | 2 +-

 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/core/service.c b/src/core/service.c

index 7ef2b3a..635a953 100644

--- a/src/core/service.c

+++ b/src/core/service.c

@@ -1867,7 +1867,7 @@ static int service_spawn(

                        apply_chroot,

                        apply_tty_stdin,

                        UNIT(s)->manager->confirm_spawn,

-                       false,

+                       s->socket_fd_selinux_context_net,

                        UNIT(s)->manager->cgroup_supported,

                        path,

                        UNIT(s)->id,

diff --git a/src/core/socket.c b/src/core/socket.c

index 958d063..1a91700 100644

--- a/src/core/socket.c

+++ b/src/core/socket.c

@@ -1234,7 +1234,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {

                        true,

                        true,

                        UNIT(s)->manager->confirm_spawn,

-                       s->selinux_context_from_net,

+                       false,

                        UNIT(s)->manager->cgroup_supported,

                        UNIT(s)->cgroup_path,

                        UNIT(s)->id,