mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-23 06:22:15 +00:00
bc2a8f418e
The attached patch adds several interfaces to reference /selinux/status according to sequential-lock logic. selinux_status_open() open the kernel status page and mmap it with read-only mode, or open netlink socket as a fallback in older kernels. Then, we can obtain status information from the mmap'ed page using selinux_status_updated(), selinux_status_getenfoce(), selinux_status_policyload() or selinux_status_deny_unknown(). It enables to help to implement userspace avc with heavy access control decision; that we cannot ignore the cost to communicate with kernel for validation of userspace caches. Signed-off-by: Steve Lawrence <slawrence@tresys.com> |
||
---|---|---|
.. | ||
man3 | ||
man5 | ||
man8 | ||
Makefile |