SELinux Mailing List
Re: problems using setcon()
From: Stephen Smalley <sds_at_tycho.nsa.gov>
Date: Mon, 14 Mar 2005 10:06:12 -0500
No, you can directly construct context strings; you just have to ensure that they are valid contexts or the kernel will reject them. The easiest approach is to use getcon() to get the current context, then use the context_new(), context_type_set(), context_str() functions to create a context string with a modified type field, and then call setcon() on the resulting context string. security_compute_create() is appropriate when you want to get a context based on a type_transition rule in the policy (for an exec-based process transition or a file creation), but that is not what you are doing.

Sample program below should work for you, assuming appropriate policy and a kernel that supports dynamic context transitions (>= 2.6.11 for the mainline kernel). Policy would need can_setcon() for the domain and allow <olddomain> <newdomain>:process dyntransition; (the domain_auto_trans rules are for exec-based transitions only).

--
Stephen Smalley <sds@tycho.nsa.gov>
National Security Agency

Received on Mon 14 Mar 2005 - 10:19:28 EST
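Added example (not the sample program from the message above, and not code from its author): a C sketch of the type-field swap and dynamic transition the message describes. To build without libselinux it uses /proc/self/attr/current, the kernel file that getcon() and setcon() wrap, in place of the getcon()/context_type_set()/setcon() calls the message recommends; the function names retype_context and dyntransition_to are hypothetical.

```c
/* Added example: hand-built context string plus a dynamic transition. */
#include <stdio.h>
#include <string.h>

/* Rewrite the type field of "user:role:type[:range]" into out.
 * Only the first three colons delimit fields; an MLS range such as
 * "s0-s0:c0.c1023" contains colons of its own and is copied verbatim.
 * Returns 0 on success, -1 on malformed input or insufficient space. */
int retype_context(const char *cur, const char *newtype, char *out, size_t outlen)
{
    const char *c1, *c2, *rest;
    int n;

    if (!cur || !newtype || !*newtype || strpbrk(newtype, ": \t\n"))
        return -1;
    if (!(c1 = strchr(cur, ':')) || !(c2 = strchr(c1 + 1, ':')))
        return -1;                      /* need at least user:role:type */
    if (c1 == cur || c2 == c1 + 1 || c2[1] == '\0' || c2[1] == ':')
        return -1;                      /* empty user, role or type */
    rest = strchr(c2 + 1, ':');         /* start of ":range", or NULL */
    n = snprintf(out, outlen, "%.*s%s%s", (int)(c2 - cur + 1), cur,
                 newtype, rest ? rest : "");
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Read the current context, swap its type, and write the result back. */
int dyntransition_to(const char *newtype)
{
    char cur[256] = "", next[256];
    FILE *f = fopen("/proc/self/attr/current", "r");
    size_t len;

    if (!f) return -1;
    fread(cur, 1, sizeof cur - 1, f);   /* cur is zero-filled, stays terminated */
    fclose(f);
    cur[strcspn(cur, "\n")] = '\0';
    if (retype_context(cur, newtype, next, sizeof next) < 0)
        return -1;
    if (!(f = fopen("/proc/self/attr/current", "w")))
        return -1;
    /* The kernel rejects an invalid context or one policy does not allow;
     * the failed write surfaces when fclose() flushes the buffer. */
    len = fwrite(next, 1, strlen(next), f);
    return (fclose(f) == 0 && len == strlen(next)) ? 0 : -1;
}

int main(int argc, char **argv)
{
    return (argc == 2 && dyntransition_to(argv[1]) == 0) ? 0 : 1;
}
```

Run it with the target type as the only argument; a nonzero exit status means the context could not be read, was malformed, or the kernel refused the new context.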
Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009 |