On Thu, 2010-07-22 at 11:49 -0400, Daniel J Walsh wrote:
> Updated with your comments. Strange the FIFO_FILE did not cause
> security_compute_create to fail when passing a 0 for the tclass? I
> thought this should fail.
>
> I changed the patch to check the output of string_to_security_class.
> Will write the selabel patch after this is accepted.
>
> Not checking the return of setfscreatecon(NULL) or
> setsockcreatecon(NULL) since I am not sure what to do if these fail and
> not likely to fail since the previous calls worked.

Yes, that's fine.

> Is there any way to see what a socket is labeled? netstat -aZ is just
> showing the process context, not the context of the label on the socket?

netstat should be able to call fgetfilecon() on the socket fd after
opening the /proc/pid/fd/<n> file to get the socket label. Not sure why
it is using getpidcon() on the process instead. Who wrote that patch?

--
Stephen Smalley
National Security Agency