It would be good if the man page were updated to reflect this requirement. I'll take a look at selinux_check_access, thanks. Ted On Fri, May 22, 2015 at 11:23 AM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On 05/22/2015 12:20 PM, Stephen Smalley wrote: >> On 05/22/2015 12:12 PM, Ted Toth wrote: >>> ./avperm >>> 1 - av_perm 0 >>> security class: 66 >>> class db_tuple av select >>> 2 - av_perm 8 >>> 3 - av_perm 8 >>> >>> why does the first call to string_to_av_perm return 0 something seem wrong here. >> >> You need to call string_to_security_class() first. >> >> The hardcoded #defines in flask.h and av_permissions.h are deprecated; >> you'll get compiler warnings with a recent version of libselinux when >> including them. > > BTW, the preferred interface for SELinux userspace permission checks > these days is selinux_check_access(). Then you don't ever need to deal > with class or permission values or directly use any of the avc interfaces. > > _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
