core/dbus: expose SELinuxContext property (#3284)

Adds support to core for systemd D-Bus clients to send the
`SELinuxContext` property . This means `systemd-run -p
SELinuxContext=foo` should now work.

2 files changed, 18 insertions, 1 deletions

diff --git a/src/core/dbus-execute.c b/src/core/dbus-execute.c
index 04fbc7ad15..888319593c 100644
--- a/src/core/dbus-execute.c
+++ b/src/core/dbus-execute.c
@@ -1446,6 +1446,23 @@ int bus_exec_context_set_transient_property(
 
                 return 1;
 
+        } else if (streq(name, "SELinuxContext")) {
+                const char *s;
+
+                r = sd_bus_message_read(message, "s", &s);
+                if (r < 0)
+                        return r;
+
+                if (mode != UNIT_CHECK) {
+                        r = free_and_strdup(&c->selinux_context, s);
+                        if (r < 0)
+                                return r;
+
+                        unit_write_drop_in_private_format(u, mode, name, "%s=%s\n", name, strempty(s));
+                }
+
+                return 1;
+
         }
 
         ri = rlimit_from_string(name);
diff --git a/src/shared/bus-unit-util.c b/src/shared/bus-unit-util.c
index 8f0df84793..9431dad411 100644
--- a/src/shared/bus-unit-util.c
+++ b/src/shared/bus-unit-util.c
@@ -235,7 +235,7 @@ int bus_append_unit_property_assignment(sd_bus_message *m, const char *assignmen
                               "StandardInput", "StandardOutput", "StandardError",
                               "Description", "Slice", "Type", "WorkingDirectory",
                               "RootDirectory", "SyslogIdentifier", "ProtectSystem",
-                              "ProtectHome"))
+                              "ProtectHome", "SELinuxContext"))
                 r = sd_bus_message_append(m, "v", "s", eq);
 
         else if (streq(field, "SyslogLevel")) {