SELinuxContextFromNet=
Takes a boolean argument. When true, systemd will attempt to
figure out the SELinux label used for the instantiated
service from the information handed by the peer over the
network. Note that only the security level is used from
Unfortunately I was using 0.0.0.0 to connect to rsync in the proxy and
the netlabel.rules entry for that ip is unlabeled when I changed the
ip to 127.0.0.1 systemd no longer reports this error.
Ted
On Tue, Jun 8, 2021 at 10:16 AM Ted Toth wrote:
>
> I'm working on a proxy to encrypt
I'm working on a proxy to encrypt rsync network communications using
systemd socket activation (Accept=yes, SELinuxContextFromNet=true) so
that the proxy is run at the level of the connection (the system is
running selinux mls policy). rsync has the same systemd socket
activation configuration as
What do I need to do to enable log_debug logging in systemd (on
centos7), edit /etc/systemd/system.conf and set LogLevel=debug? If so,
how do I get systemd to reread the config file (kill -HUP 1)? Where do
I view the messages, journalctl -l?
Ted
___
When a socket service runs is there a way to determine the socket
state? If the socket file contains:
Accept=true
does systemd call accept with the socket before execing the service in
which case I don't have to call accept? Is there a way to
differentiate a socket with Accept set to true versus
I don't see a way to set the context of the socket that systemd
listens on. If there is a way to do this please tell me otherwise I'd
like to see an option (SELinuxCreateContext?) added to be able to set
the context (setsockcreatecon) to be used by systemd when creating the
socket. Currently as an
it and if not fallback to its
current behavior.
Ted
On Thu, Aug 25, 2022 at 4:19 AM Lennart Poettering
wrote:
>
> On Mi, 24.08.22 11:50, Ted Toth (txt...@gmail.com) wrote:
>
> > I don't see a way to set the context of the socket that systemd
> > listens on. If there is a way to d
I think I figured out how to add libsemanage to the link, when you see
the patch you can tell me if I did it right.
On Tue, Sep 6, 2022 at 11:46 AM Ted Toth wrote:
>
> I'm working on a patch and adding a function to selinux_util.c which
> calls libsemanage functions but I don't know h
on failure do not set errno so
how should I log these failures, i.e. which log_ function should I
call?
Ted
On Fri, Sep 2, 2022 at 9:13 AM Lennart Poettering
wrote:
>
> On Fr, 02.09.22 09:04, Ted Toth (txt...@gmail.com) wrote:
>
> > I have set the type for the port in question usin
about how systemd uses a child process
(sd-listen) to create a listening socket and whether the socket
context persists across the processes, can someone explain this to me?
Ted
On Tue, Sep 6, 2022 at 4:51 PM Ted Toth wrote:
>
> I think I figured out how to add libsemanage to the link, when y
.
Ted
On Thu, Aug 25, 2022 at 4:19 AM Lennart Poettering
wrote:
>
> On Mi, 24.08.22 11:50, Ted Toth (txt...@gmail.com) wrote:
>
> > I don't see a way to set the context of the socket that systemd
> > listens on. If there is a way to do this please tell me otherwise I'd
>
Is info about what changed (i.e. the name of the file created in the
directory) available to a path service ExecStart process? If so, how
does a service access the info?
Ted
I've been looking at the issue of systemd setting the socket
activation socket context to init_t when using SELinuxContextFromNet.
My initial thought was to use the port context set by running semanage
and compute the socket context using a type transition for the port
type to a socket type.
I have a set of services that depend on each other however when
services are started and considered 'active' that does not necessarily
mean they are in a state that a dependent service requires them to be
in to operate properly (for example an inotify watch has been
established). systemd services,
On Fri, Nov 18, 2022 at 5:33 PM Barry wrote:
>
>
>
> > On 17 Nov 2022, at 20:03, Ted Toth wrote:
> >
> > The comment about inotify was just an example, I understand that there
> > is a 'notify' service type but I'm not using it because of its
> > docum
The comment about inotify was just an example, I understand that there
is a 'notify' service type but I'm not using it because of its
documented shortcomings.
On Thu, Nov 17, 2022 at 11:34 AM Alvin Šipraga wrote:
>
> Hi Ted,
>
> On Thu, Nov 17, 2022 at 08:52:00AM -0600, Ted Toth
16 matches
Mail list logo
