From: Paul Moore <paul@paul-moore.com>
To: bigclouds <bigclouds@163.com>
Cc: selinux@tycho.nsa.gov
Subject: Re: what is the default context of a program without selinux-aware
Date: Fri, 10 Jan 2014 09:46:53 -0500
Message-ID: <4559656.d5XEX0NFLP@sifl>
In-Reply-To: <275288ad.1a14f.1437b6c4395.Coremail.bigclouds@163.com>

[NOTE: re-adding the SELinux mailing list]

On Friday, January 10, 2014 05:12:09 PM bigclouds wrote:
> 1. a program with selinux-aware means the program calls the libselinux API.
> What is the advantage? Is it the same as defining security policy for the
> program?

Typically people use the libselinux API to accomplish specific goals that were
not possible otherwise, e.g. affecting the label assigned to newly created
sockets. I suggest looking at the libselinux API to better understand what
advantages it offers.

> 2. if a program is written by myself, when I launch it, what is its context?
> inherit from user? or bash?

It is dependent on your security policy. You can use the '-Z' option with the
'ps' command to view the SELinux label of running processes.

> At 2014-01-10 02:18:45,"Paul Moore" <paul@paul-moore.com> wrote:
> >On Thu, Jan 9, 2014 at 10:12 AM, bigclouds <bigclouds@163.com> wrote:
> >> 1. what is the default context of a program without selinux-aware?
> >
> >The SELinux context of a running process is determined by the security
> >policy.
> >
> >> 2. any advantage for a program to implement selinux-aware?
> >
> >Could you be more specific about what you mean by "selinux-aware"?

--
paul moore
www.paul-moore.com
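
An added example, not part of the original message and not libselinux code: a program that links no SELinux library can still see the label policy assigned to it by reading /proc/self/attr/current, the kernel interface that 'ps -Z' and libselinux's getcon() read. The helper names (parse_context, read_own_context) and the context strings in the comments are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* SELinux context split into its fields: user:role:type[:level]. */
struct secctx { char user[64], role[64], type[64], level[128]; };

/* Parse "user:role:type[:level]". The MLS/MCS level may itself contain
 * colons (constructed sample: "s0-s0:c0.c1023"), so only the first three
 * colons are separators. Returns 0 on success, -1 if malformed. */
int parse_context(const char *s, struct secctx *out)
{
    char *dst[3] = { out->user, out->role, out->type };
    size_t cap[3] = { sizeof out->user, sizeof out->role, sizeof out->type };
    memset(out, 0, sizeof *out);
    for (int i = 0; i < 3; i++) {
        size_t n = strcspn(s, ":");
        if (n == 0 || n >= cap[i]) return -1;
        memcpy(dst[i], s, n);
        s += n;
        if (*s == '\0') return i == 2 ? 0 : -1; /* level is optional */
        s++;                                    /* skip the ':' */
    }
    if (*s == '\0' || strlen(s) >= sizeof out->level) return -1;
    strcpy(out->level, s);
    return 0;
}

/* Read the calling process's label. Returns 0 on success, -1 when the
 * file is missing, unreadable or empty (e.g. SELinux not enabled). */
int read_own_context(char *buf, size_t len)
{
    FILE *f = fopen("/proc/self/attr/current", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, len - 1, f);
    fclose(f);
    buf[n] = '\0';
    buf[strcspn(buf, "\n")] = '\0';
    return buf[0] ? 0 : -1;
}

int main(void)
{
    char raw[256];
    struct secctx c;
    if (read_own_context(raw, sizeof raw) || parse_context(raw, &c)) {
        puts("no SELinux context available for this process");
        return 0;
    }
    printf("user=%s role=%s type=%s level=%s\n", c.user, c.role, c.type, c.level);
    return 0;
}
```

Running the same binary from different parents (a login shell, a systemd unit, cron) shows how the type changes with the policy's transition rules rather than with anything in the program itself.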