summaryrefslogtreecommitdiffstats
path: root/man
diff options
context:
space:
mode:
authorMichal Sekletar <msekleta@redhat.com>2014-07-24 10:40:28 +0200
committerMichal Sekletar <msekleta@redhat.com>2014-08-19 18:57:12 +0200
commitcf8bd44339b00330fdbc91041d6731ba8aba9fec (patch)
tree50131a58cdb8e65adc849c0971ff832ec208d6ec /man
parentnetworkd: netdev - add missing callback when adding stacked devices (diff)
downloadsystemd-cf8bd44339b00330fdbc91041d6731ba8aba9fec.tar.xz
systemd-cf8bd44339b00330fdbc91041d6731ba8aba9fec.zip
socket: introduce SELinuxLabelViaNet option
This makes possible to spawn service instances triggered by socket with MLS/MCS SELinux labels which are created based on information provided by connected peer. Implementation of label_get_child_label derived from xinetd. Reviewed-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'man')
-rw-r--r--man/systemd.socket.xml11
1 files changed, 11 insertions, 0 deletions
diff --git a/man/systemd.socket.xml b/man/systemd.socket.xml
index 4483905832..f376f725c9 100644
--- a/man/systemd.socket.xml
+++ b/man/systemd.socket.xml
@@ -676,6 +676,17 @@
</varlistentry>
<varlistentry>
+ <term><varname>SELinuxLabelViaNet=</varname></term>
+ <listitem><para>Takes a boolean
+ value. Controls whether systemd attempts to figure out
+ SELinux label used for instantiated service from
+ information handed by peer over the
+ network. Configuration option has effect only
+ on sockets with <literal>Accept=</literal>
+ mode set to <literal>yes</literal>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>PipeSize=</varname></term>
<listitem><para>Takes a size in
bytes. Controls the pipe buffer size