SELinux policy for fsetfilecon() in libselinux
Brian Ginn
BGinn at symark.com
Thu Apr 9 01:11:47 UTC 2009
I am attempting to use the fsetfilecon() call within a C program. Several other libselinux calls are working OK, but this call fails in enforcing mode (it works in permissive mode).
The audit.log and audit2allow are suggesting policy code that I already have in the policy.
I suspect that I'm being bitten by a "don't audit" rule somewhere.
Is there a reference policy macro that I can include to get fsetfilecon() to work?
Note: I already included
selinux_get_enforce_mode( t_selinux_api_t );
To get the security_getenforce() function to work.
Thanks,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090408/77f224d1/attachment.htm>
More information about the fedora-selinux-list
mailing list