> I have set the type for the port in question using the 'semanage port'
> command so the loaded policy has a type which systemd should use when
> calling setsockcreatecon. It is my opinion that
> socket_determine_selinux_label function should query policy for the
> port type and if it has been set use it and if not fallback to its
> current behavior.

Sure, patch very welcome.

SELinux code really requires external contributions, none of the core
developers know SELinux too well to do feel confident to implement

(consider filing an RFE issue on github, so that this is tracked)


Lennart Poettering, Berlin

