Reading the context of a resource
It is, of course, also important to obtain the context of a resource if the application is SELinux-aware. This could be for logging purposes or to decide which domain to transition to (based on the resource context, current context, username, and so on).
How to do it…
To read the context of a resource, the following methods are available:
Given a file path, the following call to getfilecon() will provide the context of the file:

    #include <selinux/selinux.h>

    security_context_t filecon = 0;
    const char *path = "/etc/passwd";
    int rc;

    rc = getfilecon(path, &filecon);
    if (rc < 0) {
      // Call failed; handle the error
    }
    // Do stuff with the context
    freecon(filecon);

To get the context of a process, assuming the pid variable (of the pid_t type) has the proper process ID in it, the following code is used:

    #include <selinux/selinux.h>

    security_context_t pidcon = 0;
    int rc;

    rc = getpidcon(pid, &pidcon);
    if (rc < 0) {
      // Call failed; handle the error
    }
    // Do stuff with the context
    freecon(pidcon);

How it works…
The SELinux library has various methods for obtaining...