On Wed, Oct 26, 2016 at 1:51 PM, Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote: > I am looking for a way to dump the mapping of > a process context to its associated CIPSO representation. > I could hack a kernel to do this, but if there's an > obvious way to do it already I'd rather not. The netlabelctl(8) tool is your friend: * Mapping inbound DOIs # netlabelctl -p cipsov4 list [doi:<DOI>] * Mapping SELinux labels to CIPSO/unlabeled/etc. # netlabelctl -p map list Check the man page for more information. I'll also be releasing a new netlabel_tools package soon which will add CALIPSO support. -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
