RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-01-12 00:19:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
c99414fc1f
selinux/libselinux/man/man3/avc_netlink_loop.3
Eamon Walsh 61d005b739 libselinux: fix avc_netlink_loop() error caused by nonblocking mode. 
avc_open() creates the netlink socket in nonblocking mode.  If the
application later takes control of the netlink socket with
avc_netlink_acquire_fd() and then calls avc_netlink_loop(), it
will fail with EWOULDBLOCK.

To remedy this, remove the O_NONBLOCK flag from the netlink socket
at the start of avc_netlink_loop().  Also, with this fix, there is
no need for avc_open() to ever create a blocking socket, so change
that and update the man page.

-v2: use poll() in avc_netlink_check_nb().  This makes both
avc_netlink_loop() and avc_netlink_check_nb() independent of the
O_NONBLOCK flag.

-v3: move poll() to avc_receive() internal function; patch by
KaiGai Kohei <kaigai@kaigai.gr.jp>

Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2010-03-08 18:15:53 -05:00

84 lines
2.6 KiB
Groff
Raw Blame History

.\" Hey Emacs! This file is -*- nroff -*- source.
.\"
.\" Author: KaiGai Kohei (kaigai@ak.jp.nec.com) 2009
.TH "avc_netlink_loop" "3" "30 Mar 2009" "" "SELinux API documentation"
.SH "NAME"
avc_netlink_open, avc_netlink_close, avc_netlink_acquire_fd,
avc_netlink_release_fd, avc_netlink_check_nb, avc_netlink_loop \- SELinux
netlink processing.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.B #include <selinux/avc.h>
.sp
.BI "int avc_netlink_open(int " blocking ");"
.sp
.BI "void avc_netlink_close(void);"
.sp
.BI "int avc_netlink_acquire_fd(void);"
.sp
.BI "void avc_netlink_release_fd(void);"
.sp
.BI "void avc_netlink_loop(void);"
.sp
.BI "int avc_netlink_check_nb(void);"
.sp
.SH "DESCRIPTION"
These functions enable applications to handle notification of SELinux events
via netlink. The userspace AVC normally checks for netlink messages on each
call to
.BR avc_has_perm (3).
Applications may wish to override this behavior and check for notification
separately, for example in a
.BR select (2)
loop. These functions also permit netlink monitoring without requiring a
call to
.BR avc_open (3).
.B avc_netlink_open
opens a netlink socket to receive SELinux notifications. The socket
descriptor is stored internally; use
.BR avc_netlink_acquire_fd (3)
to take ownership of it in application code. The
.I blocking
argument controls whether the O_NONBLOCK flag is set on the socket descriptor.
.BR avc_open (3)
calls this function internally, specifying non-blocking behavior.
.B avc_netlink_close
closes the netlink socket. This function is called automatically by
.BR avc_destroy (3).
.B avc_netlink_acquire_fd
returns the netlink socket descriptor number and informs the userspace AVC
not to check the socket descriptor automatically on calls to
.BR avc_has_perm (3).
.B avc_netlink_release_fd
returns control of the netlink socket to the userspace AVC, re-enabling
automatic processing of notifications.
.B avc_netlink_check_nb
checks the netlink socket for pending messages and processes them.
Callbacks for policyload and enforcing changes will be called;
see
.BR selinux_set_callback (3).
This function does not block.
.B avc_netlink_loop
enters a loop blocking on the netlink socket and processing messages as they
are received. This function will not return unless an error occurs on
the socket, in which case the socket is closed.
.SH "RETURN VALUE"
.B avc_netlink_acquire_fd
returns a non-negative file descriptor number on success. Other functions
with a return value return zero on success. On error, -1 is returned and
.I errno
is set appropriately.
.SH "SEE ALSO"
.BR avc_open (3),
.BR selinux_set_callback (3),
.BR selinux (8)
Reference in New Issue View Git Blame Copy Permalink