libselinux question for httpd
Ivan Gyurdiev
ivg2 at cornell.edu
Thu Nov 3 15:05:59 UTC 2005
>
>>>> Great, thanks. Is it OK to presume that security_context_t is always a
>>>> char * and just print that string?
>>>>
>>>>
>>> Yes.
>>>
>>>
>> The natural followup question is - why is security_context_t being used,
>> instead of char* ?
>>
>
> Fair question, but removing the typedef now would be rather painful. In
> any event, they are strings and are handled as such by the existing
> SELinux patches to userland. We just don't want applications making
> assumptions about the internal format of the strings; they should always
> use the libselinux context_* functions to get/set individual fields of
> the context if they need to do that.
>
Chances are that if something's possible without a warning, someone will
eventually do it...
Also, it seems rather confusing to me to have two data structures for
the same thing
(not to mention the 2+ other ones used in sepol/semanage).
More information about the fedora-selinux-list
mailing list