On Thu, Jun 10, 2021 at 9:44 PM Ted Toth <[email protected]> wrote:
> SELinuxContextFromNet=
> Takes a boolean argument. When true, systemd will attempt to
> figure out the SELinux label used for the instantiated
> service from the information handed by the peer over the
> network. Note that only the security level is used from the
> information provided by the peer. Other parts of the
> resulting SELinux context originate from either the target
> binary that is effectively triggered by socket unit or from
> the value of the SELinuxContext= option. This configuration
> option only affects sockets with Accept= mode set to "yes".
> Also note that this option is useful only when MLS/MCS
> SELinux policy is deployed. Defaults to "false".
>
> Add:
> One or more of the associated service files
> StandardInput/StandardOutput/StandardError options should be set to
> socket for this option to work.
>
IMHO that is a bit odd. I don't really see the reason why the option
wouldn't work with any Accept=yes service and would require stdin
specifically...

-- 
Mantas Mikulėnas
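For reference, a socket/template-service pair showing where each option discussed in this thread is set. This is an added example, not part of either message or of the systemd documentation; the unit names, port, handler path and SELinux type are hypothetical.

```ini
# /etc/systemd/system/mlsdemo.socket  (hypothetical unit name and port)
[Unit]
Description=MLS-labelled demo listener

[Socket]
ListenStream=12345
# One service instance per accepted connection. The quoted documentation
# says SELinuxContextFromNet= only affects sockets in this mode.
Accept=yes
# Take the security level for each instance from the peer's label.
SELinuxContextFromNet=true

[Install]
WantedBy=sockets.target

# /etc/systemd/system/mlsdemo@.service  (template instantiated per connection)
[Unit]
Description=MLS-labelled demo handler

[Service]
# Hypothetical handler binary.
ExecStart=/usr/local/bin/mlsdemo-handler
# Connection socket as stdin, following the documentation addition
# proposed in the thread. Whether this should be required is the
# question raised in the reply.
StandardInput=socket
# Optional: supplies the non-level parts of the context; without it they
# come from the target binary. Hypothetical type name.
#SELinuxContext=system_u:system_r:mlsdemo_t:s0
```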
