mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-11 16:44:59 +00:00
bc2a8f418e
The attached patch adds several interfaces to reference /selinux/status according to sequential-lock logic. selinux_status_open() open the kernel status page and mmap it with read-only mode, or open netlink socket as a fallback in older kernels. Then, we can obtain status information from the mmap'ed page using selinux_status_updated(), selinux_status_getenfoce(), selinux_status_policyload() or selinux_status_deny_unknown(). It enables to help to implement userspace avc with heavy access control decision; that we cannot ignore the cost to communicate with kernel for validation of userspace caches. Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2 lines
31 B
Groff
2 lines
31 B
Groff
.so man3/selinux_status_open.3
|