[redhat-lspp] xinetd integration with SELinux (Was: LSPP Development Telecon 10/02/2006 Minutes)

Stephen Smalley sds at tycho.nsa.gov
Thu Oct 5 18:28:47 UTC 2006


On Thu, 2006-10-05 at 10:49 -0500, Xavier Toth wrote:
> I'm also writing a daemon which execs other processes in an mls
> environment and could use some help understanding how to use
> security_context_create. It would seem that the target context is the
> process context of the target application (is there a way to get this
> from the application path?) but I'm unclear as to the source (is it my
> daemon or my peers context) and the class (is it the 'process' class
> context?).

The target context is the context of the executable file, i.e. the
result of getfilecon().  The source context would typically be the
caller's context, i.e. the result of getcon(), and the class would be
the process class, i.e. SECCLASS_PROCESS.  However, since you presumably
want the MLS level to reflect the peer, you likely want to extract that
information from the peer context.  runcon in coreutils is an example of
how to do this (not the peer aspect, but doing a compute_create and
manipulating the context fields; the runcon -c option).

-- 
Stephen Smalley
National Security Agency
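The flow Stephen describes, written out as an added example (this is not code from the thread, from runcon or from libselinux): compute the child's context from the caller's context, the executable's file context and the process class, then swap in the peer's MLS range before exec. The string handling mirrors what runcon -c does through libselinux's context_new()/context_range_set()/context_str(): a context is "user:role:type[:range]" and the range is everything after the third ':' (ranges such as "s0-s15:c0.c1023" contain a ':' themselves). The libselinux calls sit under HAVE_LIBSELINUX, a macro assumed here so the file also builds and runs without libselinux; the helper names, the daemon/peer sample contexts and the type name myapp_t are all constructed for the example. string_to_security_class("process") is used in place of the SECCLASS_PROCESS constant from <selinux/flask.h>, which current libselinux deprecates.

```c
/*
 * Added example: build a child's exec context the way runcon -c does and
 * replace its MLS range with the connecting peer's range. The string code
 * mirrors libselinux context_new()/context_range_set()/context_str();
 * the libselinux glue is guarded by HAVE_LIBSELINUX (an assumed macro).
 * Contexts used in main() are constructed samples, not from a real box.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return a pointer to the MLS range of ctx, or NULL if it has none. */
static const char *context_range(const char *ctx)
{
    int colons = 0;
    for (const char *p = ctx; *p; p++)
        if (*p == ':' && ++colons == 3)
            return p + 1;
    return NULL;
}

/* Return a malloc'd copy of ctx with its range replaced (or added).
 * NULL if ctx lacks the user:role:type fields or malloc fails. */
static char *context_with_range(const char *ctx, const char *range)
{
    const char *end = ctx;          /* third ':' or the terminating NUL */
    int colons = 0;
    for (; *end; end++)
        if (*end == ':' && ++colons == 3)
            break;
    if (colons < 2)
        return NULL;
    size_t prefix = (size_t)(end - ctx), rlen = strlen(range);
    char *out = malloc(prefix + 1 + rlen + 1);
    if (!out)
        return NULL;
    memcpy(out, ctx, prefix);
    out[prefix] = ':';
    memcpy(out + prefix + 1, range, rlen + 1);
    return out;
}

/* computed: result of security_compute_create(getcon(), getfilecon(path),
 * "process"); peer: the client's context from getpeercon(). Refuse (NULL)
 * when the peer carries no MLS range rather than exec the child at the
 * daemon's own, typically much wider, range. */
static char *exec_context_for_peer(const char *computed, const char *peer)
{
    const char *range = context_range(peer);
    return range ? context_with_range(computed, range) : NULL;
}

#ifdef HAVE_LIBSELINUX
#include <selinux/selinux.h>

/* Call in the child between fork() and execve(path, ...). setexeccon() only
 * arms the label; the kernel enforces the MLS constraints at execve(), which
 * fails with EACCES if a transition to that range is not allowed. */
static int set_exec_context_from_peer(int peer_fd, const char *path)
{
    char *scon = NULL, *tcon = NULL, *pcon = NULL, *newcon = NULL, *final = NULL;
    int rc = -1;
    security_class_t cls = string_to_security_class("process");
    if (!cls)
        goto out;
    if (getcon(&scon) < 0 || getfilecon(path, &tcon) < 0 ||
        getpeercon(peer_fd, &pcon) < 0)
        goto out;
    if (security_compute_create(scon, tcon, cls, &newcon) < 0)
        goto out;
    final = exec_context_for_peer(newcon, pcon);
    if (!final || security_check_context(final) < 0)
        goto out;                   /* not valid under the loaded policy */
    rc = setexeccon(final);
out:
    free(final);
    freecon(newcon);
    freecon(pcon);
    freecon(tcon);
    freecon(scon);
    return rc;
}
#endif

/* Compare and free a computed context (keeps checks to one line each). */
static int matches(char *got, const char *want)
{
    int ok = got && strcmp(got, want) == 0;
    free(got);
    return ok;
}

int main(void)
{
    /* Constructed sample: the daemon's transition yields a wide range,
     * the peer is cleared only to s2 with categories c1 and c3. */
    const char *computed = "system_u:system_r:myapp_t:s0-s15:c0.c1023";
    const char *peer = "user_u:user_r:user_t:s2:c1,c3";
    char *ctx = exec_context_for_peer(computed, peer);
    printf("%s\n", ctx ? ctx : "(peer has no MLS range)");
    free(ctx);
    return 0;
}
```

Build with -DHAVE_LIBSELINUX -lselinux on an SELinux host to get the real path; without the macro only the context-string logic is compiled. Two checks worth keeping in a daemon like this: security_check_context() catches a range the loaded policy does not know, and doing the setexeccon() in the forked child means a failure never leaves the parent daemon with an armed exec label.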



