On Mon, 2006-06-26 at 14:33 -0400, Matt Anderson wrote:
> In trying to come up with the correct access check for lpq I looked at
> security_compute_av() and avc_has_perm_noaudit(). According to the man
> page for security_compute_av the cron source is an example, so I also
> took a look at that.
>
> Using this sample program I always get 0 as the return value, which
> should indicate success, but I get it even when I supply values which
> should fail. The only time avc_has_perm_noaudit() returns -1 is when
> the policy does not allow access to the selinux_netlink_socket tclass.
>
> Looking at the cron source I see a comparison of the av_decision.allowed
> with the access_vector_t that was requested. When I look at the
> av_decision.allowed after calling avc_has_perm I always see 0.
>
> Am I doing something wrong? Does the documentation describe the current
> functionality?
>
> Any help would be appreciated.

dbus is an example of using avc_has_perm(). If permission was denied,
avc_has_perm() returns -1 with errno EACCES if in enforcing mode. Are
you in permissive mode, perchance?

--
Stephen Smalley
National Security Agency

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
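
The return-value behaviour discussed in this thread, as an added example that is not part of the original messages and does not call libselinux: a self-contained C model in which the `model_*` functions, the `user_t`/`printer_t` labels and the permission bits are constructed for illustration. It shows why a caller sees 0 for a denied request in permissive mode, while a cron-style comparison of the allowed vector against the requested vector still reveals the denial.

```c
/* Added illustration: a self-contained model, NOT libselinux code.
   All model_* names and the sample policy are hypothetical. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef unsigned int access_vector_t;   /* bitmask of permissions */

struct model_rule { const char *scon, *tcon; access_vector_t allowed; };

/* Constructed sample policy: bit 0x1 = read, bit 0x2 = write. */
static const struct model_rule model_policy[] = { { "user_t", "printer_t", 0x1 } };

/* Look up the allowed vector for a source/target pair (0 if no rule matches). */
access_vector_t model_compute_allowed(const char *scon, const char *tcon)
{
    for (size_t i = 0; i < sizeof model_policy / sizeof model_policy[0]; i++)
        if (!strcmp(scon, model_policy[i].scon) && !strcmp(tcon, model_policy[i].tcon))
            return model_policy[i].allowed;
    return 0;
}

/* cron-style check: every requested bit must be present in the allowed vector. */
int model_is_granted(access_vector_t allowed, access_vector_t requested)
{
    return (requested & ~allowed) == 0;
}

/* Behaviour described in the reply: a denial is reported as -1 with errno
   EACCES only when enforcing; in permissive mode the call returns 0. */
int model_has_perm(const char *scon, const char *tcon,
                   access_vector_t requested, int enforcing)
{
    if (model_is_granted(model_compute_allowed(scon, tcon), requested))
        return 0;
    if (enforcing) {
        errno = EACCES;
        return -1;
    }
    return 0;   /* permissive: the denial is not enforced */
}

int main(void)
{
    for (int enforcing = 1; enforcing >= 0; enforcing--)
        printf("enforcing=%d write request -> %d\n", enforcing,
               model_has_perm("user_t", "printer_t", 0x2, enforcing));
    return 0;
}
```
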
