On Wed, 20.08.14 19:08, Michal Sekletar (msekl...@redhat.com) wrote:

>
> On Wed, Aug 13, 2014 at 09:42:14PM +0200, Lennart Poettering wrote:
> <snip>
> > > @@ -1773,6 +1782,9 @@ static void socket_enter_running(Socket *s, int
> > > cfd) {
> > > cfd = -1;
> > > s->n_connections ++;
> > >
> > > + if (s->selinux_labeled_net)
> > > + service->exec_context.selinux_labeled_net = true;
> > > +
> >
> > This I don't like. We shouldn't make permanent changes here... I'd
> > prefer if we could pass this somehow else, so that the service isn't
> > changed permanently...
>
> Well I don't like this either but I don't know about any other way how to pass
> that flag all the way down to exec_spawn. However, is this really an issue if
> the new option will work only for Accept=true services?
I think adding this as bool parameter to service_set_socket_fd() should be OK. I think it would be a good idea to store this in a field in the Service structure that is named very similar to "socket_fd", to make clear that this field belongs closely to this socket fd. Maybe socket_fd_selinux_net_context or so...

And then, add a new param to exec_spawn() or so to pass it from the service to execution code.

Lennart

-- 
Lennart Poettering, Red Hat
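Review bot: the added assignment `service->exec_context.selinux_labeled_net = true;` in socket_enter_running() only ever sets the flag and nothing in this hunk clears it, so the service's exec_context keeps the value after this connection has been handed over. Because exec_context is the service's own execution configuration, a later change to the socket's `s->selinux_labeled_net` would leave a stale `true` behind, and a spawn that did not come through this path could still see the flag. Keeping the value next to the connection fd it describes and handing it to the spawn call as an argument would tie the peer-derived label decision to the one connection it was made for. The hunk also carries no comment saying the flag is only meaningful for Accept=true sockets; a one-line comment or a check at this point would make that assumption visible.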