From 61d306a6069a76bdbc6a0c2d80057f2970107be4 Mon Sep 17 00:00:00 2001
From: Dan Walsh
Date: Wed, 9 Oct 2013 14:57:48 -0400
Subject: [PATCH 09/74] define SELINUX_TRANS_DIR in selinux.h

I wanted to separate this directory out in order for a new patch to mcstransd to watch this directory for newly created files, which it could then translate. The idea is libvirt would write to /var/run/setrans/c0:c1,c2 with the contents of vm1, then setrans could translate the processes to show system_u:system_r:svirt_t:vm1
---
 libselinux/include/selinux/selinux.h | 1 +
 libselinux/src/setrans_internal.h | 3 ++-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 7e50857..a359f7f 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -177,6 +177,7 @@ extern void selinux_set_callback(int type, union selinux_callback cb);
 #define SELINUX_WARNING 1
 #define SELINUX_INFO 2
 #define SELINUX_AVC 3
+#define SELINUX_TRANS_DIR "/var/run/setrans"
 
 /* Compute an access decision. */
 extern int security_compute_av(const security_context_t scon,
diff --git a/libselinux/src/setrans_internal.h b/libselinux/src/setrans_internal.h
index a801ee8..b3bdca2 100644
--- a/libselinux/src/setrans_internal.h
+++ b/libselinux/src/setrans_internal.h
@@ -1,6 +1,7 @@
 /* Author: Trusted Computer Solutions, Inc. */
+#include
 
-#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
+#define SETRANS_UNIX_SOCKET SELINUX_TRANS_DIR "/.setrans-unix"
 
 #define RAW_TO_TRANS_CONTEXT 2
 #define TRANS_TO_RAW_CONTEXT 3
--
1.8.3.1
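Review bot: The new `SELINUX_TRANS_DIR` define in selinux.h sits directly under `SELINUX_AVC 3` with no separator or comment, so in the public header it reads as one more callback message-type constant rather than a filesystem path that is now part of the API. I would set it apart with a blank line and a comment such as `/* Runtime directory shared with mcstransd: holds its socket and translation files; must be writable only by trusted processes. */`. Going by the commit description, files created in this directory are meant to drive how contexts are displayed, so anyone able to create files there could influence the translated labels that tools show. The expected owner, mode and SELinux type of the directory are therefore worth stating where the path is published; nothing in this hunk shows whether any code creates or checks the directory.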
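Review bot: `SETRANS_UNIX_SOCKET` in setrans_internal.h is now built by adjacent string-literal concatenation, which silently depends on `SELINUX_TRANS_DIR` remaining a plain string literal with no trailing slash. A one-line comment above the define, e.g. `/* SELINUX_TRANS_DIR must be a string literal without a trailing '/' */`, would record that constraint for whoever edits the public header later. The combined path presumably ends up in a `sockaddr_un`, whose `sun_path` is small, so it is worth confirming that the code using the macro checks the length; that code is outside this hunk.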