* what is the default context of a program without selinux-aware @ 2014-01-09 15:12 bigclouds 2014-01-09 18:18 ` Paul Moore 0 siblings, 1 reply; 3+ messages in thread From: bigclouds @ 2014-01-09 15:12 UTC (permalink / raw) To: selinux [-- Attachment #1: Type: text/plain, Size: 147 bytes --] hi,all 1. what is the default context of a program without selinux-aware? 2. any advantagement for a program to implement selinux-aware? thanks [-- Attachment #2: Type: text/html, Size: 401 bytes --] ^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: what is the default context of a program without selinux-aware 2014-01-09 15:12 what is the default context of a program without selinux-aware bigclouds @ 2014-01-09 18:18 ` Paul Moore [not found] ` <275288ad.1a14f.1437b6c4395.Coremail.bigclouds@163.com> 0 siblings, 1 reply; 3+ messages in thread From: Paul Moore @ 2014-01-09 18:18 UTC (permalink / raw) To: bigclouds; +Cc: selinux On Thu, Jan 9, 2014 at 10:12 AM, bigclouds <bigclouds@163.com> wrote: > 1. what is the default context of a program without selinux-aware? The SELinux context of a running process is determined by the security policy. > 2. any advantagement for a program to implement selinux-aware? Could you be more specific about what you mean by "selinux-aware"? -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 3+ messages in thread
[parent not found: <275288ad.1a14f.1437b6c4395.Coremail.bigclouds@163.com>]
* Re: what is the default context of a program without selinux-aware [not found] ` <275288ad.1a14f.1437b6c4395.Coremail.bigclouds@163.com> @ 2014-01-10 14:46 ` Paul Moore 0 siblings, 0 replies; 3+ messages in thread From: Paul Moore @ 2014-01-10 14:46 UTC (permalink / raw) To: bigclouds; +Cc: selinux [NOTE: re-adding the SELinux mailing list] On Friday, January 10, 2014 05:12:09 PM bigclouds wrote: > 1. a program with selinux-aware means the program call libselinux api. > what is the advantage? is it same as defining security policy for the > program? Typically people use the libselinux API to accomplish specific goals that were not possible otherwise, e.g. affecting the label assigned to newly created sockets. I suggest looking at the libselinux API to better understand what advantages it offers. > 2. if a program is writen by myself, when i launch it, what is its context? > inherit from user? or bash? It is dependent on your security policy. You can use the '-Z' option with the 'ps' command to view the SELinux label of running processes. > At 2014-01-10 02:18:45,"Paul Moore" <paul@paul-moore.com> wrote: > >On Thu, Jan 9, 2014 at 10:12 AM, bigclouds <bigclouds@163.com> wrote: > >> 1. what is the default context of a program without selinux-aware? > > > >The SELinux context of a running process is determined by the security > >policy. > > > >> 2. any advantagement for a program to implement selinux-aware? > > > >Could you be more specific about what you mean by "selinux-aware"? -- paul moore www.paul-moore.com ^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-01-10 14:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-01-09 15:12 what is the default context of a program without selinux-aware bigclouds
2014-01-09 18:18 ` Paul Moore
[not found] ` <275288ad.1a14f.1437b6c4395.Coremail.bigclouds@163.com>
2014-01-10 14:46 ` Paul Moore
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.