On Fri, 2011-06-24 at 15:50 +0000, c.r.madhusudhanan@xxxxxxxxx wrote: > [root@localhost utils]# ./getconlist user_u > user_u:user_r:consoletype_t > [root@localhost utils]# ./getconlist root > root:sysadm_r:sysadm_t > > [root@localhost utils]# ./getseuser meego > seuser: user_u, level (null) > Context 0 user_u:user_r:consoletype_t > [root@localhost utils]# ./getseuser root > seuser: root, level (null) > Context 0 root:sysadm_r:sysadm_t > (I dont know but the getseuser dint work until I changed the code > if (argc != 2). ) You aren't invoking them correctly - you need to pass the security context of the login process as the second argument, as I showed. For example, on Fedora, we have: $ ./getconlist user_u system_u:system_r:local_login_t:s0 user_u:user_r:user_t:s0 $ ./getseuser root system_u:system_r:local_login_t:s0 $ ./getseuser root system_u:system_r:local_login_t:s0 seuser: unconfined_u, level s0-s0:c0.c1023 Context 0 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Omit the :s0 if you don't have MLS enabled in your policy. -- Stephen Smalley National Security Agency -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
