* what is the default context of a program without selinux-aware
@ 2014-01-09 15:12 bigclouds
2014-01-09 18:18 ` Paul Moore
0 siblings, 1 reply; 3+ messages in thread
From: bigclouds @ 2014-01-09 15:12 UTC (permalink / raw)
To: selinux
[-- Attachment #1: Type: text/plain, Size: 147 bytes --]
hi,all
1.
what is the default context of a program without selinux-aware?
2.
any advantagement for a program to implement selinux-aware?
thanks
[-- Attachment #2: Type: text/html, Size: 401 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: what is the default context of a program without selinux-aware
2014-01-09 15:12 what is the default context of a program without selinux-aware bigclouds
@ 2014-01-09 18:18 ` Paul Moore
[not found] ` <275288ad.1a14f.1437b6c4395.Coremail.bigclouds@163.com>
0 siblings, 1 reply; 3+ messages in thread
From: Paul Moore @ 2014-01-09 18:18 UTC (permalink / raw)
To: bigclouds; +Cc: selinux
On Thu, Jan 9, 2014 at 10:12 AM, bigclouds <bigclouds@163.com> wrote:
> 1. what is the default context of a program without selinux-aware?
The SELinux context of a running process is determined by the security policy.
> 2. any advantagement for a program to implement selinux-aware?
Could you be more specific about what you mean by "selinux-aware"?
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: what is the default context of a program without selinux-aware
[not found] ` <275288ad.1a14f.1437b6c4395.Coremail.bigclouds@163.com>
@ 2014-01-10 14:46 ` Paul Moore
0 siblings, 0 replies; 3+ messages in thread
From: Paul Moore @ 2014-01-10 14:46 UTC (permalink / raw)
To: bigclouds; +Cc: selinux
[NOTE: re-adding the SELinux mailing list]
On Friday, January 10, 2014 05:12:09 PM bigclouds wrote:
> 1. a program with selinux-aware means the program call libselinux api.
> what is the advantage? is it same as defining security policy for the
> program?
Typically people use the libselinux API to accomplish specific goals that were
not possible otherwise, e.g. affecting the label assigned to newly created
sockets. I suggest looking at the libselinux API to better understand what
advantages it offers.
> 2. if a program is writen by myself, when i launch it, what is its context?
> inherit from user? or bash?
It is dependent on your security policy. You can use the '-Z' option with the
'ps' command to view the SELinux label of running processes.
> At 2014-01-10 02:18:45,"Paul Moore" <paul@paul-moore.com> wrote:
> >On Thu, Jan 9, 2014 at 10:12 AM, bigclouds <bigclouds@163.com> wrote:
> >> 1. what is the default context of a program without selinux-aware?
> >
> >The SELinux context of a running process is determined by the security
> >policy.
> >
> >> 2. any advantagement for a program to implement selinux-aware?
> >
> >Could you be more specific about what you mean by "selinux-aware"?
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2014-01-10 14:46 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-01-09 15:12 what is the default context of a program without selinux-aware bigclouds
2014-01-09 18:18 ` Paul Moore
[not found] ` <275288ad.1a14f.1437b6c4395.Coremail.bigclouds@163.com>
2014-01-10 14:46 ` Paul Moore
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.