Querying SELinux userland configuration in C
In this recipe, we will be querying the SELinux userland to obtain the default context for a given user based on the context of the current process. The process is responsible for gathering the Linux username of the user upfront.
How to do it…
Query the SELinux configuration as follows:
Get the current context of the process:
    char *curcon = 0;

    rc = getcon(&curcon);
    if (rc) {
      … // Getting context failed
      if (permissive) {
        … // Continue with the application logic, ignoring SELinux stuff
      } else {
        … // Log failure and stop application logic
      }
    }
Take the Linux username (assumed to be in the name variable) and get the SELinux user:

    char *sename = 0;
    char *selevel = 0;

    rc = getseuserbyname(name, &sename, &selevel);
    if (rc) {
      … // Call failed. Again check permissive state
      … // and take appropriate action.
      freecon(curcon);
    }
Now, get the default context based on the obtained SELinux user (sename) and current context (which...
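The three steps above as one function with a single cleanup path and a fail-closed permissive check. This is an added example, not code from the recipe. Assumptions: the se_ops table, default_context_for() and the s_* stand-ins are hypothetical names with constructed sample values; get_default_context() and security_getenforce() are libselinux calls chosen here, and in a real program the table would hold getcon, getseuserbyname, get_default_context, security_getenforce and freecon.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical table; each member mirrors the libselinux call named beside it. */
struct se_ops {
    int  (*getcon)(char **);                             /* getcon */
    int  (*seuser)(const char *, char **, char **);      /* getseuserbyname */
    int  (*defcon)(const char *, const char *, char **); /* get_default_context */
    int  (*getenforce)(void);                            /* security_getenforce */
    void (*freecon)(char *);                             /* freecon */
};

/* Returns 0 (*newcon set), 1 (failed but permissive: continue), -1 (failed: stop). */
int default_context_for(const struct se_ops *ops, const char *name, char **newcon)
{
    char *curcon = NULL, *sename = NULL, *selevel = NULL;
    int rc = ops->getcon(&curcon);
    *newcon = NULL;
    if (rc == 0) rc = ops->seuser(name, &sename, &selevel);
    if (rc == 0) rc = ops->defcon(sename, curcon, newcon);
    ops->freecon(curcon);   /* contexts are released with freecon() */
    free(sename);           /* getseuserbyname() strings with free() */
    free(selevel);
    if (rc == 0) return 0;
    return ops->getenforce() == 0 ? 1 : -1;   /* query error (-1) counts as enforcing */
}

/* Constructed stand-ins so the block runs without libselinux. */
static int enforce_state = 1;
static char *sdup(const char *s) { char *p = malloc(strlen(s) + 1); return p ? strcpy(p, s) : NULL; }
static int s_getcon(char **c) { return (*c = sdup("system_u:system_r:sshd_t:s0")) ? 0 : -1; }
static int s_seuser(const char *n, char **u, char **l) {   /* only "alice" is mapped */
    return (!strcmp(n, "alice") && (*u = sdup("staff_u")) && (*l = sdup("s0"))) ? 0 : -1;
}
static int s_defcon(const char *u, const char *from, char **out) {
    (void)u; (void)from;   /* a real lookup consults both */
    return (*out = sdup("staff_u:staff_r:staff_t:s0")) ? 0 : -1;
}
static int s_enforce(void) { return enforce_state; }
static void s_freecon(char *c) { free(c); }
static const struct se_ops stub_ops = { s_getcon, s_seuser, s_defcon, s_enforce, s_freecon };

int main(void) {
    char *con = NULL;
    int rc = default_context_for(&stub_ops, "alice", &con);
    printf("rc=%d context=%s\n", rc, con ? con : "(none)");
    s_freecon(con);
    return rc < 0;
}
```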