dynamic context transitions

[Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>]

stephen,

i assume it _is_ necessary to perform dynamic auto transitions?

such that i can track to alternative contexts, yes?

e.g. i am running in sshd_privsep_t [because on a fork(),
i deliberately called setcon() to set it that way]

and i now want to be a user-related context, so i do this:

	get_default_context(pw->pw_name,NULL,&scontext)
	setcon(scontext);

and i set up a dynamic_auto_trans(sshd_privsep_t,
                                  sshd_exec_t,
				  sshd_privsep_user_t)

... hang on, that doesn't look right.  surely there should be
four arguments:

	* domain you were in before the setcon
	* domain the setcon asked to be in
	* executable_t
	* domain you want to be in afterwards

so it'd be:

	dynamic_auto_trans(sshd_privsep_t, /* where we were */
		   user_t,               /* from get_default_context() */
		  sshd_exec_t,          /* from the sshd binary */
		  sshd_privsep_user_t) /* what we _really_ want to be */


burblburbl... *gloop* drowning in not-much-understanding...

l.

-- 
--
<a href="http://lkcl.net";>http://lkcl.net</a>
--

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.