[NOTE: re-adding the SELinux mailing list]

On Friday, January 10, 2014 05:12:09 PM bigclouds wrote:
> 1. a program with selinux-aware means the program call libselinux api.
> what is the advantage? is it same as defining security policy for the
> program?

Typically people use the libselinux API to accomplish specific goals that were not possible otherwise, e.g. affecting the label assigned to newly created sockets. I suggest looking at the libselinux API to better understand what advantages it offers.

> 2. if a program is written by myself, when i launch it, what is its context?
> inherit from user? or bash?

It is dependent on your security policy. You can use the '-Z' option with the 'ps' command to view the SELinux label of running processes.

> At 2014-01-10 02:18:45,"Paul Moore" <paul@xxxxxxxxxxxxxx> wrote:
> >On Thu, Jan 9, 2014 at 10:12 AM, bigclouds <bigclouds@xxxxxxx> wrote:
> >> 1. what is the default context of a program without selinux-aware?
> >
> >The SELinux context of a running process is determined by the security
> >policy.
> >
> >> 2. any advantage for a program to implement selinux-aware?
> >
> >Could you be more specific about what you mean by "selinux-aware"?

-- 
paul moore
www.paul-moore.com
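
An added example, not part of the original message: a small Python script that reads the per-process SELinux attributes from /proc (the label that 'ps -Z' reports, plus the exec and socket-creation overrides that libselinux calls such as setexeccon() and setsockcreatecon() set) and splits a context into its fields. The function names and the sample context are constructed for illustration; on a host without SELinux the attributes read as unavailable.

```python
#!/usr/bin/env python3
"""Read SELinux process attributes from /proc and parse a context string."""
from typing import NamedTuple, Optional


class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: Optional[str]  # MLS/MCS range; None when the policy has no MLS


def parse_context(raw: str) -> Context:
    """Split 'user:role:type[:level]'; the level itself may contain ':'."""
    text = raw.strip("\x00\n ")
    parts = text.split(":", 3)  # at most 3 splits keeps the level intact
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not an SELinux context: {raw!r}")
    return Context(parts[0], parts[1], parts[2],
                   parts[3] if len(parts) == 4 else None)


def read_attr(attr: str, pid: str = "self") -> Optional[str]:
    """Return /proc/<pid>/attr/<attr>, or None if empty or unavailable."""
    try:
        with open(f"/proc/{pid}/attr/{attr}", "rb") as fh:
            data = fh.read()
    except OSError:
        return None  # no /proc, no LSM providing the attribute, or denied
    text = data.rstrip(b"\x00\n").decode("ascii", "replace")
    return text or None


def describe(pid: str = "self") -> dict:
    """current: label the process runs with (decided by policy at exec time).
    exec / sockcreate: overrides an SELinux-aware program may request for its
    next execve() and for newly created sockets; empty means policy default."""
    return {a: read_attr(a, pid) for a in ("current", "exec", "sockcreate")}


if __name__ == "__main__":
    for name, value in describe().items():
        print(f"{name:10} {value or '(empty or unavailable)'}")
    # Constructed sample context, used only to show the parsing.
    sample = "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023"
    print(parse_context(sample))
```
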