libselinux question for httpd
Stephen Smalley
sds at tycho.nsa.gov
Thu Nov 3 14:39:33 UTC 2005
On Thu, 2005-11-03 at 09:49 -0500, Ivan Gyurdiev wrote:
> Stephen Smalley wrote:
> > On Thu, 2005-11-03 at 14:24 +0000, Joe Orton wrote:
> >
> >> Great, thanks. Is it OK to presume that security_context_t is always a
> >> char * and just print that string?
> >>
> >
> > Yes.
> >
> The natural followup question is - why is security_context_t being used,
> instead of char* ?
Fair question, but removing the typedef now would be rather painful. In
any event, they are strings and are handled as such by the existing
SELinux patches to userland. We just don't want applications making
assumptions about the internal format of the strings; they should always
use the libselinux context_* functions to get/set individual fields of
the context if they need to do that.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list