Re: SElinux integration

From: Ivan Gyurdiev <ivg2 cornell edu>
To: Alexander Larsson <alexl redhat com>
Cc: gnome-vfs-list gnome org
Subject: Re: SElinux integration
Date: Mon, 27 Feb 2006 06:22:46 -0500

Ivan Gyurdiev wrote:

How do you actually get the context? Does it need more syscalls than the
stat that we do by default

Yes, the context is an extended attribute, we get (or set) it througha call to libselinux, which knows how to exact it.


      #include <selinux/selinux.h>

      int getfilecon(const char *path, security_context_t *con);
      int lgetfilecon(const char *path, security_context_t *con);
      int fgetfilecon(int fd, security_context_t *con);

So, to answer your question, libselinux relies on getxattr() and setxattr().

References:
- SElinux integration
  - From: Ivan Gyurdiev
- Re: SElinux integration
  - From: Alexander Larsson
- Re: SElinux integration
  - From: Ivan Gyurdiev
- Re: SElinux integration
  - From: Alexander Larsson
- Re: SElinux integration
  - From: Ivan Gyurdiev

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]