From c230e5e8efe72cf4137bf29a197059e5a23bb532 Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Mon, 13 Oct 2014 13:57:08 +0200
Subject: [PATCH] selinux: pass flag to correct exec_spawn

We want to spawn service with label passed by remote peer and not processes
spawned by socket unit itself.

RHEL-only patch

Related: #1113790
---
 src/core/service.c | 2 +-
 src/core/socket.c  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/core/service.c b/src/core/service.c
index 7ef2b3a..635a953 100644
--- a/src/core/service.c
+++ b/src/core/service.c
@@ -1867,7 +1867,7 @@ static int service_spawn(
                        apply_chroot,
                        apply_tty_stdin,
                        UNIT(s)->manager->confirm_spawn,
-                       false,
+                       s->socket_fd_selinux_context_net,
                        UNIT(s)->manager->cgroup_supported,
                        path,
                        UNIT(s)->id,
diff --git a/src/core/socket.c b/src/core/socket.c
index 958d063..1a91700 100644
--- a/src/core/socket.c
+++ b/src/core/socket.c
@@ -1234,7 +1234,7 @@ static int socket_spawn(Socket *s, ExecCommand *c, pid_t *_pid) {
                        true,
                        true,
                        UNIT(s)->manager->confirm_spawn,
-                       s->selinux_context_from_net,
+                       false,
                        UNIT(s)->manager->cgroup_supported,
                        UNIT(s)->cgroup_path,
                        UNIT(s)->id,