Querying SELinux userland configuration in C

In this recipe, we will be querying the SELinux userland to obtain the default context for a given user based on the context of the current process. The process is responsible for gathering the Linux username of the user upfront.

How to do it…

Query the SELinux configuration as follows:

  1. Get the current context of the process:
    #include <selinux/selinux.h>

    char * curcon = 0;
    int rc = getcon(&curcon);  // 0 on success, -1 on failure
    if (rc) {
      // … Getting context failed
      if (permissive) {
        // … Continue with the application logic, ignoring SELinux stuff
      } else {
        // … Log failure and stop application logic
      }
    }
  2. Take the Linux username (assumed to be in the name variable) and get the SELinux user:
    char * sename = 0;
    char * selevel = 0;
    rc = getseuserbyname(name, &sename, &selevel);
    ...
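
What the getseuserbyname() call in step 2 resolves, shown as an added example (not code from the book or from libselinux): a simplified model of the login-to-SELinux-user lookup over the seusers mapping file. The helper lookup_seuser and the sample entries are hypothetical and constructed; it handles direct login entries and the __default__ fallback, and skips the %group entries that the real library also evaluates.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in the seusers format: login:seuser[:mlsrange] */
static const char *SAMPLE_SEUSERS =
    "# constructed sample, not from a real system\n"
    "__default__:unconfined_u:s0-s0:c0.c1023\n"
    "alice:staff_u:s0-s0:c0.c1023\n"
    "bob:user_u\n";

/* Hypothetical helper: resolve a login name to SELinux user and level.
 * A direct login entry wins over __default__; %group lines are skipped.
 * Returns 0 on success, -1 if nothing matched or a buffer is too small. */
int lookup_seuser(const char *db, const char *name,
                  char *seuser, size_t ulen, char *level, size_t llen)
{
    int found = -1;                      /* -1 none, 0 default, 1 exact */
    const char *p = db;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t len = eol ? (size_t)(eol - p) : strlen(p);
        const char *c1 = memchr(p, ':', len);
        if (*p != '#' && *p != '%' && c1) {
            size_t nlen = (size_t)(c1 - p);
            int exact = strlen(name) == nlen && !memcmp(p, name, nlen);
            int dflt = nlen == 11 && !memcmp(p, "__default__", 11);
            if (exact || (dflt && found < 0)) {
                const char *u = c1 + 1;
                size_t rest = len - nlen - 1;
                const char *c2 = memchr(u, ':', rest);
                size_t n = c2 ? (size_t)(c2 - u) : rest;
                size_t l = c2 ? rest - n - 1 : 0;  /* no level field: "" */
                if (n == 0 || n >= ulen || l >= llen) return -1;
                memcpy(seuser, u, n); seuser[n] = '\0';
                memcpy(level, c2 ? c2 + 1 : "", l); level[l] = '\0';
                found = exact;
                if (exact) break;
            }
        }
        p += len + (eol ? 1 : 0);
    }
    return found < 0 ? -1 : 0;
}

int main(void) {
    char u[32], l[64];
    if (lookup_seuser(SAMPLE_SEUSERS, "carol", u, sizeof u, l, sizeof l) == 0)
        printf("carol -> %s %s\n", u, l);   /* falls back to __default__ */
    return 0;
}
```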
