On Tue, 2008-08-26 at 15:34 -0400, Steve Grubb wrote:
> On Monday 18 August 2008 06:04:25 Chu Li wrote:
> > I have made a patch for "Fixme add subj" in auditd.c. This is for the
> > latest codes.
>
> Now that the audit svn is open for new work...I started to apply this patch.
> But then I got to thinking about SMACK. It probably does not like us to get
> selinux labels. I was wondering if we need to try to get its label, too? And
> I was wondering if both SE Linux and SMACK could be running at the same time?
> If they can, do we collect both labels?

They are exclusive of one another, and they both provide the process label
via /proc/pid/attr/current. libselinux wraps that kernel interface with
getcon() (for current context) and getpidcon() (for context of a given pid),
which internally handle the allocation of the buffer and will deal with label
translation if using mcstransd. So if you want the code to work with either,
you'd directly read /proc/pid/attr/current and display the resulting string.
If you want to be SELinux-specific and include functionality like MLS label
translation, you'd use getpidcon(3).

--
Stephen Smalley
National Security Agency

--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
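
The LSM-agnostic approach described in the reply above, as an added C example that is not part of the original thread or of auditd's code. The helper names, the `subj=` output format and the 4096-byte buffer are assumptions made here; no label translation is performed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read a process label from an attr file into buf.
 * Returns the label length, or -1 on error, empty label or truncation. */
static int read_label_file(const char *path, char *buf, size_t buflen)
{
    FILE *f;
    size_t n;
    int failed;

    if (buflen < 2)
        return -1;
    f = fopen(path, "r");
    if (f == NULL)
        return -1;                /* no such pid, or /proc not mounted */
    n = fread(buf, 1, buflen, f);
    failed = ferror(f);           /* the read itself can fail, e.g. no LSM active */
    fclose(f);
    if (failed || n == 0 || n == buflen)
        return -1;                /* never hand back a possibly truncated label */
    buf[n] = '\0';
    /* Drop a trailing NUL or newline if the kernel or LSM included one. */
    while (n > 0 && (buf[n - 1] == '\0' || buf[n - 1] == '\n'))
        buf[--n] = '\0';
    return n > 0 ? (int)n : -1;
}

/* Works for whichever LSM exposes its label through this /proc file. */
static int get_pid_label(pid_t pid, char *buf, size_t buflen)
{
    char path[64];

    snprintf(path, sizeof(path), "/proc/%ld/attr/current", (long)pid);
    return read_label_file(path, buf, buflen);
}

int main(void)
{
    char label[4096];             /* assumed upper bound for a label */

    if (get_pid_label(getpid(), label, sizeof(label)) < 0) {
        puts("subj=?");           /* label unavailable: log a placeholder */
        return 1;
    }
    printf("subj=%s\n", label);
    return 0;
}
```
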
