On Apr 21, 2008, at 11:04 AM, Stephen Smalley wrote:
> On Mon, 2008-04-21 at 10:47 -0500, Joe Nall wrote:
>> On Apr 21, 2008, at 8:37 AM, Stephen Smalley wrote:
>>> On Mon, 2008-04-21 at 08:21 -0500, Joe Nall wrote:
>>>> I have a userspace object manager that I would like to specify the log callback and the enforcing mode for simultaneously. The enforcing mode can be set with avc_open (no man page) and the callbacks with avc_init(3). What is the best strategy?
>>>
>>> avc_init() was the old interface. selinux_set_callback() + avc_open() is the new interface.
>>
>> Do you know what rawhide rpm SELABEL_CB_LOG and friends might be in? They are not in <selinux/selinux.h> or in /usr/include on a current rawhide with libselinux-devel.
>
> Looks like the man page is wrong - it is SELINUX_CB_LOG, not SELABEL_
I'm confused by the syntax. The following is extracted from my C++ code that is calling avc_open.

    int avc_log(int ltype, const char *fmt, ...)
    {
        va_list ap;
        va_start(ap, fmt);
        ...
    }
    ...
    static struct avc_entry_ref avcref;
    if (!avc_initialized) {
        struct selinux_opt opts[] = { { AVC_OPT_SETENFORCE, (char *)1 } };
        if (avc_open(opts, 1) < 0)
            ...
        avc_entry_ref_init(&avcref);
        selinux_set_callback(SELINUX_CB_LOG, (selinux_callback)&avc_log);
        avc_initialized = 1;
    }

Context.C: In member function ‘int Context::operator>=(const Context&)’:
Context.C:317: error: no matching function for call to ‘selinux_callback::selinux_callback(int (&)(int, const char*, ...))’
/usr/include/selinux/selinux.h:142: note: candidates are: selinux_callback::selinux_callback()
/usr/include/selinux/selinux.h:142: note: selinux_callback::selinux_callback(const selinux_callback&)
Context.C:318: error: conversion from ‘int (*)(int, const char*, ...)’ to non-scalar type ‘selinux_callback’ requested

What is the right syntax? Got a good example of selinux_set_callback usage?
joe
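
Added example, not part of the original message and not libselinux's own code: in <selinux/selinux.h>, selinux_callback is a union of function pointers, so from C++ the handler is assigned to its func_log member instead of being cast. The stand-in declarations under #else, and the names installed_log, last_msg and install_log_callback, are assumptions so the block builds without libselinux-devel; define USE_LIBSELINUX and link with -lselinux to use the real library.

```cpp
#include <cstdarg>
#include <cstdio>
#include <cstring>

#ifdef USE_LIBSELINUX                 // real build: g++ -DUSE_LIBSELINUX file.C -lselinux
#include <selinux/selinux.h>
#else
// Stand-ins (assumption) mirroring the libselinux declarations, so the
// example compiles and runs on a machine without the library installed.
#define SELINUX_CB_LOG 0
#define SELINUX_ERROR  0
union selinux_callback {
    int (*func_log)(int type, const char *fmt, ...);
    int (*func_validate)(char **ctx);
};
static union selinux_callback installed_log;   // what the stub "library" would call
static void selinux_set_callback(int type, union selinux_callback cb)
{
    if (type == SELINUX_CB_LOG)
        installed_log = cb;
}
#endif

static char last_msg[256];   // hypothetical sink; an object manager would log to syslog or audit

// The signature must match func_log exactly: int (int, const char *, ...).
int avc_log(int ltype, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_msg, sizeof last_msg, fmt, ap);
    va_end(ap);                       // every va_start needs a matching va_end
    fprintf(stderr, "selinux[%d]: %s\n", ltype, last_msg);
    return n;
}

// A union has no converting constructor, which is why the C++ cast
// (selinux_callback)&avc_log is rejected. Fill in the member that
// corresponds to the callback type being registered instead.
void install_log_callback()
{
    union selinux_callback cb;
    cb.func_log = avc_log;
    selinux_set_callback(SELINUX_CB_LOG, cb);
}

int main()
{
    install_log_callback();
    return 0;
}
```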