The selinux_file_context_verify seems to return the wrong value when I know the context of the file and that in the file_contexts file are the same (returns '1' but according to man page should be '0').
Looking at the libselinux source code (matchpathcon.c) the line:
    rc = (selinux_file_context_cmp(fcontext, con) == 0);
seems to be the problem.
I'm using libselinux 2.0.96.
So should it return 0 on match, 1 if contexts are different (or if the file / file_contexts entries do not exist) and -1 on error?
And just to clarify the selinux_file_context_cmp function return values:
Should it return 0 on match (after the 'user:' portion), 1 if contexts do not match and -1 on error?
Thanks
Richard
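
The effect of the `== 0` in the line quoted above, shown as an added example that is not part of the original post and is not libselinux source. The `model_*` functions and the sample contexts are hypothetical stand-ins, and the comparison uses the 0 / 1 / -1 convention the post asks about.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a comparison that ignores the leading "user:"
 * field. Returns 0 on match, 1 on mismatch, -1 on error (NULL or no ':'). */
static int model_context_cmp(const char *a, const char *b)
{
    const char *rest_a, *rest_b;

    if (!a || !b)
        return -1;
    rest_a = strchr(a, ':');
    rest_b = strchr(b, ':');
    if (!rest_a || !rest_b)
        return -1;
    return strcmp(rest_a, rest_b) != 0;
}

/* Wrapper built on the expression quoted in the post: "== 0" maps a match
 * to 1 and maps both mismatch and error to 0, so they become
 * indistinguishable to the caller. */
static int model_verify_observed(const char *fcontext, const char *con)
{
    return model_context_cmp(fcontext, con) == 0;
}

/* Wrapper following the convention the post expects: 0 / 1 / -1. */
static int model_verify_expected(const char *fcontext, const char *con)
{
    return model_context_cmp(fcontext, con);
}

int main(void)
{
    /* Constructed sample contexts, not taken from a real policy. */
    const char *on_disk = "system_u:object_r:etc_t:s0";
    const char *same    = "unconfined_u:object_r:etc_t:s0"; /* user differs */
    const char *other   = "system_u:object_r:shadow_t:s0";  /* type differs */

    printf("match:    observed=%d expected=%d\n",
           model_verify_observed(on_disk, same), model_verify_expected(on_disk, same));
    printf("mismatch: observed=%d expected=%d\n",
           model_verify_observed(on_disk, other), model_verify_expected(on_disk, other));
    printf("error:    observed=%d expected=%d\n",
           model_verify_observed(NULL, on_disk), model_verify_expected(NULL, on_disk));
    return 0;
}
```

A caller written against one convention and linked against the other treats every matching label as a mismatch and every mismatch as a match, so label-verification code should be tested with a known-good and a known-bad context.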