From mboxrd@z Thu Jan 1 00:00:00 1970
Subject: Re: [PATCH 029/155] policycoreutils: fixfiles clean up /var/run and
From: Stephen Smalley
To: Daniel J Walsh
Cc: Eric Paris , Eric Paris , selinux@tycho.nsa.gov
In-Reply-To: <4E3B1416.5020504@redhat.com>
References: <4E39B5E6.8000100@redhat.com>
 <1312469767.20973.53.camel@moss-pluto>
 <1312486409.20973.66.camel@moss-pluto>
 <4E3B007B.1020502@redhat.com>
 <4E3B085D.1050400@redhat.com>
 <4E3B09CA.30604@redhat.com>
 <4E3B0AB1.2050707@redhat.com>
 <4E3B1416.5020504@redhat.com>
Content-Type: multipart/mixed; boundary="=-pwp0cuEh1IbpTonA2Kka"
Date: Fri, 05 Aug 2011 10:18:31 -0400
Message-ID: <1312553911.19283.56.camel@moss-pluto>
Mime-Version: 1.0
Sender: owner-selinux@tycho.nsa.gov
List-Id: selinux@tycho.nsa.gov

--=-pwp0cuEh1IbpTonA2Kka
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit

On Thu, 2011-08-04 at 17:50 -0400, Daniel J Walsh wrote:
> On 08/04/2011 05:10 PM, Eric Paris wrote:
> > On 08/04/2011 05:06 PM, Daniel J Walsh wrote:
> >> On 08/04/2011 05:00 PM, Eric Paris wrote:
> >
> >>> I also question the use of /sys/fs/selinux/ but I'm not sure we
> >>> have a good way to find that in a script..... Do we have one?
> >>>
> >>
> >> grep selinuxfs /proc/self/mountinfo | awk '{ print $5 }'
> >
> > $ grep selinuxfs /proc/self/mountinfo | awk '{ print $5 }'
> > /selinux
> > /chroot/selinux
> >
> > --
> > This message was distributed to subscribers of the selinux mailing
> > list. If you no longer wish to subscribe, send mail to
> > majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without
> > quotes as the message.
> >
> >
>
> Second attempt.

Technically I think we wanted to encapsulate all references to selinuxfs
by using libselinux, whether via direct bindings (as from python) or by
adding utils to libselinux (for shell scripts).
For example:

$ gcc -lselinux -o getinitialcontext getinitialcontext.c
$ ./getinitialcontext unlabeled
system_u:object_r:unlabeled_t:s0

-- 
Stephen Smalley
National Security Agency

--=-pwp0cuEh1IbpTonA2Kka
Content-Disposition: attachment; filename="getinitialcontext.c"
Content-Type: text/x-csrc; name="getinitialcontext.c"; charset="UTF-8"
Content-Transfer-Encoding: 7bit

#include <stdio.h>
#include <stdlib.h>
#include <selinux/selinux.h>

int main(int argc, char **argv)
{
	int rc;
	security_context_t con;

	if (argc != 2) {
		fprintf(stderr, "usage: %s sid-name\n", argv[0]);
		exit(1);
	}

	/* Look up the context assigned to the named initial SID. */
	rc = security_get_initial_context(argv[1], &con);
	if (rc < 0) {
		perror(argv[1]);
		exit(2);
	}

	printf("%s\n", con);
	/* The context string is allocated by libselinux. */
	freecon(con);
	exit(0);
}

--=-pwp0cuEh1IbpTonA2Kka--
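
An added example, not part of the thread or of policycoreutils: a shell sketch of locating selinuxfs from mountinfo by matching the filesystem-type field exactly instead of grepping the whole line, and refusing to choose when several mounts exist, as in the quoted output with /selinux and /chroot/selinux. The function names, return codes and sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample data are constructed here.

# Print the mount point (field 5) of every mount whose filesystem type is
# exactly "selinuxfs". mountinfo is read from stdin.
selinuxfs_mounts() {
    awk '{
        # Optional fields (field 7 onward) vary in number and end at a lone "-";
        # the filesystem type is the field right after that separator.
        for (i = 7; i <= NF; i++)
            if ($i == "-") break
        if (i < NF && $(i + 1) == "selinuxfs")
            print $5
    }'
}

# Print the single selinuxfs mount point. Return 1 if there is none and
# 2 if there are several, so the caller never picks one silently.
selinuxfs_mount() {
    mounts=$(selinuxfs_mounts) || return 1
    # Mount points containing whitespace are octal-escaped (\040) in
    # mountinfo, so word splitting yields one word per mount point.
    set -f; set -- $mounts; set +f
    [ "$#" -ge 1 ] || return 1
    [ "$#" -eq 1 ] || return 2
    printf '%s\n' "$1"
}

# Constructed sample: two selinuxfs mounts plus a tmpfs whose path merely
# contains the string "selinuxfs" (a plain grep would report it too).
sample_mountinfo() {
    cat <<'EOF'
15 20 0:14 / /selinux rw,relatime - selinuxfs selinuxfs rw
16 20 0:3 / /proc rw,relatime shared:5 - proc proc rw
41 20 0:14 / /chroot/selinux rw,relatime - selinuxfs selinuxfs rw
42 20 0:30 / /srv/selinuxfs-notes rw,relatime shared:9 master:2 - tmpfs tmpfs rw
EOF
}

# Usage on a live system: selinuxfs_mount < /proc/self/mountinfo
```
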