-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07/22/2010 12:48 PM, Stephen Smalley wrote: > On Thu, 2010-07-22 at 11:49 -0400, Daniel J Walsh wrote: >> Updated with your comments. Strange the FIFO_FILE did not cause >> security_compute_create to fail when passing a 0 for the tclass? I >> though this should fail. >> >> I changed the patch to check the output of string_to_security_class. >> Will write the selabel patch after this is accepted. >> >> Not checking the return of setfscreatecon(NULL) or >> setsockcreatecon(NULL) Since I am not sure what to do if these fail and >> not likely to fail since the previous calls worked. > > Yes, that's fine. > >> Is there any way to see what a socket is labeled? netstat -aZ is just >> showing the process context, not the context of the label on the socket? > > netstat should be able to call fgetfilecon() on the socket fd after > opening the /proc/pid/fd/<n> file to get the socket label. Not sure why > it is using getpidcon() on the process instead. Who wrote that patch? > Probably me 8 years ago... :^( -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkxInekACgkQrlYvE4MpobPtBQCgyetTDlI5j2ZYp9uFItzJtZDR 4zAAoOrSPoHDYrdetSARtOWf3k2PjYgf =n9Yp -----END PGP SIGNATURE----- -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
