On Thu, 2011-08-04 at 17:50 -0400, Daniel J Walsh wrote:
> On 08/04/2011 05:10 PM, Eric Paris wrote:
> > On 08/04/2011 05:06 PM, Daniel J Walsh wrote:
> >> On 08/04/2011 05:00 PM, Eric Paris wrote:
> >
> >>> I also question the use of /sys/fs/selinux/ but I'm not sure we
> >>> have a good way to find that in a script..... Do we have one?
> >>>
> >>
> >> grep selinuxfs /proc/self/mountinfo | awk '{ print $5 }'
> >
> > $ grep selinuxfs /proc/self/mountinfo | awk '{ print $5 }' /selinux
> > /chroot/selinux
> >
> > -- This message was distributed to subscribers of the selinux mailing
> > list. If you no longer wish to subscribe, send mail to
> > majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without
> > quotes as the message.
> >
> >
>
> Second attempt.
Technically I think we wanted to encapsulate all references to selinuxfs
by using libselinux, whether via direct bindings (as from python) or by
adding utils to libselinux (for shell scripts). For example:
$ gcc -lselinux -o getinitialcontext getinitialcontext.c
$ ./getinitialcontext unlabeled
system_u:object_r:unlabeled_t:s0
--
Stephen Smalley
National Security Agency
#include <selinux/selinux.h>
#include <stdlib.h>
#include <stdio.h>
int main(int argc, char **argv)
{
int rc;
security_context_t con;
if (argc != 2) {
fprintf(stderr, "usage: %s sid-name\n", argv[0]);
exit(1);
}
rc = security_get_initial_context(argv[1], &con);
if (rc < 0) {
perror(argv[1]);
exit(2);
}
printf("%s\n", con);
freecon(con);
exit(0);
}
