On Wed, Aug 13, 2014 at 09:42:14PM +0200, Lennart Poettering wrote:
<snip>
> > @@ -1773,6 +1782,9 @@ static void socket_enter_running(Socket *s, int cfd) { > > cfd = -1; > > s->n_connections ++; > > > > + if (s->selinux_labeled_net) > > + service->exec_context.selinux_labeled_net = true; > > +
>
> This I don't like. We shouldn't make permanent changes here... I'd
> prefer if we could pass this somehow else, so that the service isn't
> changed permanently...

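Review bot: the added write "service->exec_context.selinux_labeled_net = true;" after "s->n_connections ++;" changes the service's exec context from the socket's connection path, and the hunk only ever sets the field, never clears it, so the value stays on the service object after this connection has been handed off. Consider passing the flag to the spawn path as a per-invocation argument instead of storing it in exec_context. If the field has to stay, add a check or at least a comment at this spot stating which socket configurations reach it, since nothing in the visible lines restricts the write beyond s->selinux_labeled_net being set.
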
Well I don't like this either but I don't know about any other way how to
pass that flag all the way down to exec_spawn. However, is this really an
issue if the new option will work only for Accept=true services?

>
> I must say I feel a bit uneasy about the naming of SELinuxContext= and
> SELinuxLabeledNet=... One uses the term "context", the other one
> "label". afaiu that's actually the same thing, no? If it is, can we use
> the same terminology here? (which would mean sticking to "context" since
> that's what we already are using...)
>
> Lennart
>
> --
> Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel