On Wed, 2009-04-15 at 14:48 +0400, Fedor Sakharov wrote:
> Hello,
>
> Is it possible to somehow use the setcon() from the kernel space? Or is
> there any other way of changing the current context of the process from
> kernel? I need this for building a module that would monitor the
> execution of app and switch its rights depending on the current branch
> of code being executed.

setcon(3) is a libselinux function that just writes the context string
to /proc/self/attr/current. Within the kernel, the proc filesystem
invokes the security_setprocattr() LSM hook interface, which then calls
selinux_setprocattr() if SELinux is enabled.

I doubt you want to just call security_setprocattr() though. You may
wish to look at the example of cachefiles and how it overrides
credentials.

--
Stephen Smalley
National Security Agency
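
The user-space half of the path described in the reply above, as an added example in C (not code from the original message or from libselinux): a context change is a single write(2) to /proc/self/attr/current, and the kernel's answer comes back as errno. The function names are hypothetical, and the path is a parameter so the helpers can also be exercised against an ordinary file.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define PROC_ATTR_CURRENT "/proc/self/attr/current"

/* Hypothetical helper: write a context string to a procattr file in one
 * write(2), as setcon(3) does. Returns 0 on success or -errno. */
int write_procattr(const char *path, const char *context)
{
    size_t len = strlen(context) + 1;   /* libselinux also writes the NUL */
    ssize_t n;
    int err, fd = open(path, O_WRONLY);

    if (fd < 0)
        return -errno;
    do {
        n = write(fd, context, len);    /* on procfs this reaches the LSM hook */
    } while (n < 0 && errno == EINTR);
    /* A failed write is the hook refusing; a short write is treated as an error. */
    err = n < 0 ? -errno : ((size_t)n == len ? 0 : -EIO);
    close(fd);
    return err;
}

/* Hypothetical helper: read a procattr file into buf (buflen >= 1).
 * Returns the length of the context or -errno. */
int read_procattr(const char *path, char *buf, size_t buflen)
{
    ssize_t n;
    int err, fd = open(path, O_RDONLY);

    if (fd < 0)
        return -errno;
    n = read(fd, buf, buflen - 1);
    err = n < 0 ? -errno : 0;
    close(fd);
    buf[err ? 0 : n] = '\0';
    return err ? err : (int)strlen(buf);
}

int main(int argc, char **argv)
{
    char ctx[256];
    int r = argc > 1 ? write_procattr(PROC_ATTR_CURRENT, argv[1]) : 0;

    if (r)
        fprintf(stderr, "context change refused: %s\n", strerror(-r));
    if (read_procattr(PROC_ATTR_CURRENT, ctx, sizeof ctx) >= 0)
        printf("current context: %s\n", ctx);
    return r ? 1 : 0;
}
```

Run without arguments it only prints the calling process's current context; with a context string as the first argument it attempts the change first and reports the errno if the write is refused.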