Re: [systemd-devel] [PATCH v5] socket: introduce SELinuxContextFromNet option

2014-09-19 Thread Tom Gundersen
On Mon, Sep 8, 2014 at 3:42 PM, Michal Sekletar msekl...@redhat.com wrote: This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from

Re: [systemd-devel] [PATCH v5] socket: introduce SELinuxContextFromNet option

2014-09-19 Thread Michal Sekletar
On Fri, Sep 19, 2014 at 12:13:18PM +0200, Tom Gundersen wrote: On Mon, Sep 8, 2014 at 3:42 PM, Michal Sekletar msekl...@redhat.com wrote: This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by

[systemd-devel] [PATCH v5] socket: introduce SELinuxContextFromNet option

2014-09-08 Thread Michal Sekletar
This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_mls_label derived from xinetd. Reviewed-by: Paul Moore pmo...@redhat.com --- Changes in v5: