Stephen, thanks very much for your last comment. I always forgot to talk about that, despite my intention was to discuss it... It's just that there were many tiny details to discuss. > ocontexts[OCON_ISID] is a list of initial SIDs and their > contexts. Your current code takes the MLS range from > whatever happens to be the first entry in the list and uses > that for all of the contexts. At the beginning I was scanning for "unlabeled" in oc->u.name with strcmp(), but then I wasn't sure about adding extra complexity to the code and I left that out waiting for your comments. At present, for the latest reference policy the first initial SID is "kernel", which surely isn't the best match, but as I already told you I was waiting for some feedback on details. I will introduce your piece of code (assuming there is always going to be an entry for SECINITSID_UNLABELED in the list). By the way, is there any drawback in loading the initial SIDs again from security_load_policy() using the appropriate function that you mentioned ? Regards, Guido -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
