On Thu, 2006-10-05 at 10:49 -0500, Xavier Toth wrote:
> I'm also writing a daemon which execs other processes in an mls
> environment and could use some help understanding how to use
> security_context_create. It would seem that the target context is the
> process context of the target application (is there a way to get this
> from the application path?) but I'm unclear as to the source (is it my
> daemon or my peer's context) and the class (is it the 'process' class
> context?).

The target context is the context of the executable file, i.e. the result of getfilecon(). The source context would typically be the caller's context, i.e. the result of getcon(), and the class would be the process class, i.e. SECCLASS_PROCESS. However, since you presumably want the MLS level to reflect the peer, you likely want to extract that information from the peer context. runcon in coreutils is an example of how to do this (not the peer aspect, but doing a compute_create and manipulating the context fields; the runcon -c option).

-- 
Stephen Smalley
National Security Agency

--
redhat-lspp mailing list
https://www.redhat.com/mailman/listinfo/redhat-lspp
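
Added example, not part of the original message and not code from runcon or libselinux: a stand-alone C version of the field manipulation described above, which keeps the user:role:type of a computed context and substitutes the peer's MLS range. Plain string handling stands in for libselinux's context_new(), context_range_set() and context_str() so the block runs without SELinux installed; the function names and sample contexts are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Return a pointer to the MLS range of an SELinux context of the form
 * "user:role:type:range", or NULL if the range field is missing.
 * The range may itself contain ':' (e.g. "s0-s15:c0.c1023"), so only
 * the first three colons are treated as field separators. */
static const char *ctx_range(const char *ctx)
{
    for (int i = 0; i < 3; i++) {
        ctx = strchr(ctx, ':');
        if (ctx == NULL)
            return NULL;
        ctx++;                      /* step past the separator */
    }
    return *ctx ? ctx : NULL;
}

/* Build in `out` the user:role:type of `computed` followed by the MLS
 * range of `peer`. Returns 0 on success, -1 if either context lacks a
 * range field or `out` is too small (never silently truncates). */
int splice_peer_range(const char *computed, const char *peer,
                      char *out, size_t outlen)
{
    const char *crange = ctx_range(computed);
    const char *prange = ctx_range(peer);
    if (crange == NULL || prange == NULL)
        return -1;
    int prefix = (int)(crange - computed);  /* includes the third ':' */
    int n = snprintf(out, outlen, "%.*s%s", prefix, computed, prange);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample values: a context as a compute_create call
     * might yield for (getcon(), getfilecon(), SECCLASS_PROCESS), and
     * a peer context carrying the level the child should run at. */
    const char *computed = "system_u:system_r:app_t:s0-s15:c0.c1023";
    const char *peer     = "user_u:user_r:user_t:s2:c1,c5";
    char newcon[256];

    if (splice_peer_range(computed, peer, newcon, sizeof newcon) != 0) {
        fprintf(stderr, "cannot derive exec context\n");
        return 1;
    }
    puts(newcon);   /* candidate context for the exec'd process */
    return 0;
}
```

In a daemon the resulting string is still subject to policy: the kernel decides whether the transition to that context is allowed.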
