From: Kodungallur Varma <ramgwu@gmail.com>
To: selinux@tycho.nsa.gov
Subject: problems using setcon()
Date: Tue, 8 Mar 2005 23:08:25 -0500
Message-ID: <fa8ec5d80503082008161e5619@mail.gmail.com>

Hi all,
I am trying to dynamically change the context of my program by
using the setcon() function. I have a simple program that tries to do
that but the setcon() function always returns -1 for the input in the
program.

#include <stdio.h>
#include <string.h>            /* strcpy() */
#include <selinux/selinux.h>

int main(void)
{
    int i;
    char str[100];

    /* Context the program asks to switch to. */
    strcpy(str, "system_u:object_r:libselinux_test_t");
    i = setcon((security_context_t) str);
    if (i == 0)
    {
        printf("changed to new context..\n");
    }
    else if (i == -1)
    {
        printf("error..setcon() returned -1\n");
    }
    else
    {
        printf("unknown result\n");
    }
    /* Exit status: 0 only if setcon() succeeded. */
    return i == 0 ? 0 : 1;
}

libselinux_test_t is the domain in which I want this program to run. I
have the following policy for that:
-----------
daemon_domain(libselinux_test_t)
type libselinux_test_t, domain, privlog;
role user_r types libselinux_test_t;
type libselinux_test_dir_t, file_type, sysadmfile;
type libselinux_test_exec_t, file_type, sysadmfile, exec_type;
domain_auto_trans(user_t, libselinux_test_exec_t, libselinux_test_t)
allow libselinux_test_t sshd_t:fd use;
------------
As I am in the user_t domain when I execute the program, the program
starts in the user_t domain. But as there is that domain_auto_trans()
into the libselinux_test_t domain, setcon() into that domain shouldn't
fail for invalid domain reasons.

I don't have any avc: denied messages as the setcon fails. My belief is
that I am passing bad arguments to setcon().

Could someone please point out where the problem is? Also, I tried to
print out the domain of the current process using getcon(), but I have
some problem. Could someone let me know how to print that out, rather
than viewing it using ps axZ?

thanx a lot in advance..
Ram
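
Added example, not part of the original message: a C sketch that prints the calling process's context by reading /proc/self/attr/current, the file behind getcon(), and splits a context string into user, role and type so the role field of the posted string can be inspected. It assumes SELinux is the active LSM; the names parse_context, has_object_role and read_current_context are hypothetical helpers.

```c
#include <stdio.h>
#include <string.h>

struct ctx { char user[64], role[64], type[64]; };

/* Split "user:role:type[:range]" into its first three fields.
 * Returns 0 on success, -1 if a field is missing or empty. */
int parse_context(const char *s, struct ctx *c)
{
    if (sscanf(s, "%63[^:]:%63[^:]:%63[^:\n]", c->user, c->role, c->type) != 3)
        return -1;
    return 0;
}

/* object_r is the role carried by files and other objects; a process
 * context normally carries a role such as user_r, which the posted
 * policy ties to the domain with "role user_r types ...".
 * Returns 1 if the role is object_r, 0 if not, -1 if unparsable. */
int has_object_role(const char *s)
{
    struct ctx c;
    if (parse_context(s, &c) != 0)
        return -1;
    return strcmp(c.role, "object_r") == 0;
}

/* Read the current process context from /proc/self/attr/current.
 * Returns 0 on success, -1 if the file is missing or yields nothing. */
int read_current_context(char *buf, size_t len)
{
    FILE *f = fopen("/proc/self/attr/current", "r");
    size_t n;
    if (f == NULL)
        return -1;
    n = fread(buf, 1, len - 1, f);
    fclose(f);
    if (n == 0)
        return -1;
    buf[n] = '\0';
    buf[strcspn(buf, "\n")] = '\0';   /* drop a trailing newline if present */
    return 0;
}

int main(void)
{
    char cur[256];
    const char *wanted = "system_u:object_r:libselinux_test_t"; /* string from the post */
    if (read_current_context(cur, sizeof cur) == 0)
        printf("current context: %s\n", cur);
    else
        printf("no process context available\n");
    printf("%s has object_r role: %d\n", wanted, has_object_role(wanted));
    return 0;
}
```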