[PATCH 09/74] define SELINUX_TRANS_DIR in selinux.h

Future pass to mcstransd to allow libvirt to specify the names of selected MCS
Labels, which mcstransd can translate.  This patch adds an interface to allow
libvirt and mcstransd to communicate in the mcstransd /var/run directory.

   This patch looks good to me. acked.

From 61d306a6069a76bdbc6a0c2d80057f2970107be4 Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Wed, 9 Oct 2013 14:57:48 -0400
Subject: [PATCH 09/74] define SELINUX_TRANS_DIR in selinux.h

I wanted to separate this directory out in order for a new patch to mcstransd to watch
this directory for newly created files, which it could then translate.

The idea is libvirt would write to /var/run/setrans/c0:c1,c2 with the contents of vm1, then
setrans could translate the processes to show system_u:system_r:svirt_t:vm1
---
 libselinux/include/selinux/selinux.h | 1 +
 libselinux/src/setrans_internal.h    | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 7e50857..a359f7f 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -177,6 +177,7 @@ extern void selinux_set_callback(int type, union selinux_callback cb);
 #define SELINUX_WARNING		1
 #define SELINUX_INFO		2
 #define SELINUX_AVC		3
+#define SELINUX_TRANS_DIR	"/var/run/setrans"
 
 /* Compute an access decision. */
 extern int security_compute_av(const security_context_t scon,
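Review bot: The new SELINUX_TRANS_DIR define in selinux.h sits directly under SELINUX_WARNING, SELINUX_INFO and SELINUX_AVC with no blank line or comment, so in the public header it reads as one more member of that integer-valued group. Separate it from that group and give it a comment saying what the directory is for and who is expected to create files in it, since the commit message describes libvirt writing label-named files there for mcstransd to pick up. As this becomes exported API, the comment should also say whether callers may rely on the literal path or only on the macro.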
diff --git a/libselinux/src/setrans_internal.h b/libselinux/src/setrans_internal.h
index a801ee8..b3bdca2 100644
--- a/libselinux/src/setrans_internal.h
+++ b/libselinux/src/setrans_internal.h
@@ -1,6 +1,7 @@
 /* Author: Trusted Computer Solutions, Inc. */
+#include <selinux/selinux.h>
 
-#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
+#define SETRANS_UNIX_SOCKET SELINUX_TRANS_DIR "/.setrans-unix"
 
 #define RAW_TO_TRANS_CONTEXT		2
 #define TRANS_TO_RAW_CONTEXT		3
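Review bot: SETRANS_UNIX_SOCKET in setrans_internal.h is now built by literal concatenation, SELINUX_TRANS_DIR "/.setrans-unix", which depends on SELINUX_TRANS_DIR staying a bare string literal with no trailing slash; a comment beside either define should say so. The change also ties the daemon's socket to the same directory the commit message proposes libvirt write files into, so any write access granted for that purpose covers the directory holding .setrans-unix. Consider a dedicated subdirectory for the dropped files, or state here that the watcher must skip the socket entry and that the directory's ownership and mode are to be settled in the follow-up mcstransd patch.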
-- 
1.8.3.1

