On 08/05/2011 11:10 AM, Eric Paris wrote:
> On 08/05/2011 10:45 AM, Daniel J Walsh wrote:
>> On 08/05/2011 10:18 AM, Stephen Smalley wrote:
>>> On Thu, 2011-08-04 at 17:50 -0400, Daniel J Walsh wrote:
>>>> On 08/04/2011 05:10 PM, Eric Paris wrote:
>>>>> On 08/04/2011 05:06 PM, Daniel J Walsh wrote:
>>>>>> On 08/04/2011 05:00 PM, Eric Paris wrote:
>>>>>
>>>>>>> I also question the use of /sys/fs/selinux/ but I'm not
>>>>>>> sure we have a good way to find that in a script..... Do
>>>>>>> we have one?
>>>>>>>
>>>>>>
>>>>>> grep selinuxfs /proc/self/mountinfo | awk '{ print $5 }'
>>>>>
>>>>> $ grep selinuxfs /proc/self/mountinfo | awk '{ print $5 }'
>>>>> /selinux
>>>>> /chroot/selinux
>>>>>
>>>>> -- This message was distributed to subscribers of the
>>>>> selinux mailing list. If you no longer wish to subscribe,
>>>>> send mail to majordomo@xxxxxxxxxxxxx with the words
>>>>> "unsubscribe selinux" without quotes as the message.
>>>>>
>>>>
>>>> Second attempt.
>>>
>>> Technically I think we wanted to encapsulate all references to
>>> selinuxfs by using libselinux, whether via direct bindings (as
>>> from python) or by adding utils to libselinux (for shell
>>> scripts). For example:
>>> $ gcc -lselinux -o getinitialcontext getinitialcontext.c
>>> $ ./getinitialcontext unlabeled
>>> system_u:object_r:unlabeled_t:s0
>>>
>> If we are going to add any more commands to libselinux I would
>> prefer them to be prefixed with selinux or at least se.
>
> no problem, I can call it anything we want. Last issue I question
> is better handling of there being no result. We wouldn't want to
> delete context'**' :)
>
Well it would actually delete *:*, and they are tmp files ...

echo "" | secon -t
secon: Couldn't read security context: Invalid argument
[Exit 1]
touch /tmp/dan1
# touch /tmp/empty
# cat /tmp/empty | secon -t
secon: Couldn't read security context: Invalid argument
[Exit 1]

So I think you are going to get an error and the app will blow up.

> -Eric
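
The two concerns raised in this thread (more than one selinuxfs mount showing up in /proc/self/mountinfo, and a lookup that returns nothing) can be handled in a script as in the following added example, which is not code from the thread or from libselinux. The function names and the sample mountinfo lines are constructed for illustration, and treating more than one mount as an error is an assumption.

```shell
#!/bin/sh
# Added example. Reads mountinfo-format text on stdin and prints the mount
# point (field 5) of every mount whose filesystem type is selinuxfs.
# Exit status: 0 if at least one was found, 1 if none.
selinuxfs_mounts() {
    awk '
        {
            # Optional fields start at field 7 and end at a lone "-";
            # the filesystem type is the field right after that separator.
            for (i = 7; i <= NF; i++)
                if ($i == "-") {
                    if ($(i + 1) == "selinuxfs") { print $5; found = 1 }
                    break
                }
        }
        END { exit (found ? 0 : 1) }
    '
}

# Prints the single selinuxfs mount point. Fails closed: status 1 when there
# is none, status 2 when there are several (for example one inside a chroot),
# so a caller never continues with an empty or multi-line path.
selinuxfs_mount_one() {
    mounts=$(selinuxfs_mounts) || return 1
    case $mounts in
        *"
"*) return 2 ;;
    esac
    printf '%s\n' "$mounts"
}

# Constructed sample in /proc/self/mountinfo format (not captured output).
# The tmpfs line contains the string "selinuxfs" only in its mount point.
sample_mountinfo() {
    cat <<'EOF'
17 22 0:16 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs rw
18 22 0:3 / /proc rw,relatime shared:5 - proc proc rw
25 22 0:14 / /selinux rw,relatime - selinuxfs selinuxfs rw
40 22 0:35 / /tmp/selinuxfs-notes rw,relatime shared:20 - tmpfs tmpfs rw
52 22 0:14 / /chroot/selinux rw,relatime - selinuxfs selinuxfs rw
EOF
}

# Demo on the constructed sample: prints /selinux and /chroot/selinux.
sample_mountinfo | selinuxfs_mounts
```

On a live system the input would be `selinuxfs_mount_one < /proc/self/mountinfo`, with the caller checking the exit status before using the path.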