SELinux support in Libc

SELinux support in Libc

[Shaz]

[-- Attachment #1: Type: text/plain, Size: 326 bytes --]

Dear all,

I was building eglibc and saw selinux support flag in it's configure script.
Any idea what this is used for. Some hints and pointers needed.

SELinux works for me without this support as far as I understand but need to
get all the goodies that are available. Couln't find anything with a bit of
googling!

-- 
Shaz

[-- Attachment #2: Type: text/html, Size: 378 bytes --]

Re: SELinux support in Libc

[Shaz]

[-- Attachment #1: Type: text/plain, Size: 740 bytes --]

> I was building eglibc and saw selinux support flag in it's configure
> script. Any idea what this is used for. Some hints and pointers needed.
>
> SELinux works for me without this support as far as I understand but need
> to get all the goodies that are available. Couln't find anything with a bit
> of googling!
>

According to Eric it has something to do with nscd. Is nscd part of libc
now? Why do we need an object manager here?

"

Glibc's nscd keeps its name service caches in fixed-size files.  These
are always mmap'd into the nscd daemon address space.  "persistent" and
"shared" are both per-name-service options.

"
http://anusf.anu.edu.au/~djh900/nscd.html

I think it is not that important for a newbie like me :(

-- 
Shaz

[-- Attachment #2: Type: text/html, Size: 1111 bytes --]

Re: SELinux support in Libc

[Shaz]

[-- Attachment #1: Type: text/plain, Size: 1068 bytes --]

On Thu, May 27, 2010 at 1:27 AM, Shaz <shazalive@gmail.com> wrote:

>
>
>> I was building eglibc and saw selinux support flag in it's configure
>> script. Any idea what this is used for. Some hints and pointers needed.
>>
>> SELinux works for me without this support as far as I understand but need
>> to get all the goodies that are available. Couln't find anything with a bit
>> of googling!
>>
>
> According to Eric it has something to do with nscd. Is nscd part of libc
> now? Why do we need an object manager here?
>
> "
>
> Glibc's nscd keeps its name service caches in fixed-size files.  These
>
> are always mmap'd into the nscd daemon address space.  "persistent" and
> "shared" are both per-name-service options.
>
> "
> http://anusf.anu.edu.au/~djh900/nscd.html<http://anusf.anu.edu.au/%7Edjh900/nscd.html>
>

http://cblfs.cross-lfs.org/index.php/NSS_Caching mentions some concepts but
what can be a possible usecase to understand what this object manager really
achieves.

By the way could;nt find relevant eglibc mailing list for this question.

-- 
Shaz

[-- Attachment #2: Type: text/html, Size: 1731 bytes --]

Re: SELinux support in Libc

[Justin P. Mattock]

[-- Attachment #1: Type: text/plain, Size: 1387 bytes --]

On 05/26/2010 01:44 PM, Shaz wrote:
>
>
> On Thu, May 27, 2010 at 1:27 AM, Shaz <shazalive@gmail.com 
> <mailto:shazalive@gmail.com>> wrote:
>
>         I was building eglibc and saw selinux support flag in it's
>         configure script. Any idea what this is used for. Some hints
>         and pointers needed.
>
>         SELinux works for me without this support as far as I
>         understand but need to get all the goodies that are available.
>         Couln't find anything with a bit of googling!
>
>
>     According to Eric it has something to do with nscd. Is nscd part
>     of libc now? Why do we need an object manager here?
>
>     "
>
>     Glibc's nscd keeps its name service caches in fixed-size files.  These
>
>
>     are always mmap'd into the nscd daemon address space.  "persistent" and
>     "shared" are both per-name-service options.
>          
>
>     "
>     http://anusf.anu.edu.au/~djh900/nscd.html
>     <http://anusf.anu.edu.au/%7Edjh900/nscd.html>
>
>
> http://cblfs.cross-lfs.org/index.php/NSS_Caching mentions some 
> concepts but what can be a possible usecase to understand what this 
> object manager really achieves.
>
> By the way could;nt find relevant eglibc mailing list for this question.
>
> -- 
> Shaz
>
I would try libc:
http://www.gnu.org/software/libc/
(maybe libc-help, and/or general question
list or something).

Justin P. Mattock

[-- Attachment #2: Type: text/html, Size: 2444 bytes --]

Re: SELinux support in Libc

[Stephen Smalley]

On Wed, May 26, 2010 at 3:05 AM, Shaz <shazalive@gmail.com> wrote:
> Dear all,
>
> I was building eglibc and saw selinux support flag in it's configure script.
> Any idea what this is used for. Some hints and pointers needed.
>
> SELinux works for me without this support as far as I understand but need to
> get all the goodies that are available. Couln't find anything with a bit of
> googling!

The nscd was instrumented as a userspace object manager a long time
ago at the request of its maintainers.  The original motivation was
when it introduced support for exporting direct access to the mapped
database files to the clients, but general access controls were added
for all of its services at the time.  See the class ncsd definitions
in the access_vectors file and the nscd.if and nscd.te policy files.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.