On Fri, 2010-09-17 at 22:56 +0100, Mr Dash Four wrote: > > Is there any way I can link or map the number shown in the secmark > > field (secmark=XXX) when listing the current connections with "cat > > /proc/net/ip_conntrack" or "cat /proc/net/nf_conntrack"? > I should have been a bit clear - I need to map the number shown in the > secmark field to the actual SELinux context - is that possible? Not from userspace. So that likely ought to be mapping to a security context and displaying it instead of displaying the secmark (SID). Kernel issue. Kernel code can use security_secid_to_secctx() to map the value to a string, and then security_release_secctx() to free it afterward. -- Stephen Smalley National Security Agency -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
