anyone running SELinux on amazon EC2? Post 302345634 by fun_indra on Wednesday 19th of August 2009 07:16:46 PM
-bash-3.2# setenforce enforcing
setenforce: SELinux is disabled
 

selinux_status_open(3)          SELinux API documentation          selinux_status_open(3)

NAME
       selinux_status_open, selinux_status_close, selinux_status_updated, selinux_status_getenforce, selinux_status_policyload and selinux_status_deny_unknown - reference the SELinux kernel status without invocation of system calls.

SYNOPSIS
       #include <selinux/avc.h>

       int selinux_status_open(int fallback);
       void selinux_status_close(void);
       int selinux_status_updated(void);
       int selinux_status_getenforce(void);
       int selinux_status_policyload(void);
       int selinux_status_deny_unknown(void);

DESCRIPTION
       Linux 2.6.37 or later provides a SELinux kernel status page, usually exposed as the /selinux/status entry. Userspace applications can mmap this page in read-only mode and then read certain status values from it without invoking system calls.

       When a userspace application applies frequent, heavy access control, such as row-level security in databases, it faces a non-negligible cost in communicating with kernel space to check whether its userspace avc has been invalidated. These functions give applications a way to learn about some kernel events without a system-call invocation or a worker thread for monitoring.

       selinux_status_open tries to open(2) /selinux/status and mmap(2) it in read-only mode. The file descriptor and the pointer to the page are stored internally; don't touch them directly. Set the fallback argument to 1 to handle the case of older kernels without kernel status page support. In this case, the function tries to open a netlink socket using avc_netlink_open(3) and overwrites the corresponding callbacks (setenforce and policyload). Thus, we need to pay attention to the interaction with these interfaces when fallback mode is enabled.

       selinux_status_close unmaps the kernel status page and closes its file descriptor, or closes the netlink socket if the fallback was used.

       selinux_status_updated informs us whether something has been updated since the last call. It returns 0 if nothing has happened, 1 if something has been updated since then, or -1 on error.

       selinux_status_getenforce returns 0 if SELinux is running in permissive mode, 1 if in enforcing mode, or -1 on error. It is the same as security_getenforce(3), except that it may work without a system call invocation.

       selinux_status_policyload returns the number of times the policy has been reloaded on the running system, or -1 on error. Note that it is not a reliable value in fallback mode until it receives the first event message via the netlink socket. Thus, don't use this value to know the actual number of policy reloads.

       selinux_status_deny_unknown returns 0 if SELinux treats policy queries on undefined object classes or permissions as being allowed, 1 if such queries are denied, or -1 on error.

       Also note that these interfaces are not thread-safe, so you have to protect them from concurrent calls using exclusive locks when multiple threads use them.

RETURN VALUE
       selinux_status_open returns 0 or 1 on success. 1 means we are ready to use these interfaces, but a netlink socket was opened as a fallback instead of the kernel status page. On error, -1 is returned.

       Any other function with a return value returns its characteristic value as described above, or -1 on error.

SEE ALSO
       mmap(2), avc_netlink_open(3), security_getenforce(3), security_deny_unknown(3)

kaigai@ak.jp.nec.com                22 January 2011                selinux_status_open(3)
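
The following is an added example, not libselinux code and not part of the original page; it goes beyond the man page text to show how a change can be detected from a read-only mapped page without a system call. The struct layout and the odd/even sequence convention are assumptions modelled on libselinux, the page is a constructed in-memory copy, and reader_updated, fake_kernel_update and the demo functions are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed page layout (as in libselinux); used here on a constructed in-memory copy. */
struct status_page { uint32_t version, sequence, enforcing, policyload, deny_unknown; };
struct reader { const volatile struct status_page *pg; uint32_t last_seq, enforcing; };

/* Same contract as selinux_status_updated(): 1 changed, 0 unchanged, -1 error.
 * Seqlock read: retry while the sequence is odd (writer active) or moved mid-copy. */
int reader_updated(struct reader *r) {
    for (int tries = 0; tries < 1000; tries++) {
        uint32_t seq = r->pg->sequence;
        if (seq & 1u) continue;
        __sync_synchronize();                 /* GCC/Clang full memory barrier */
        uint32_t enforcing = r->pg->enforcing;
        __sync_synchronize();
        if (r->pg->sequence != seq) continue;
        if (seq == r->last_seq) return 0;
        r->last_seq = seq;
        r->enforcing = enforcing;             /* refresh the cached mode */
        return 1;
    }
    return -1;                                /* never settled: cached state is untrusted */
}

/* Hypothetical stand-in for the kernel writer: odd, write, even. */
static void fake_kernel_update(struct status_page *pg, uint32_t enforcing) {
    pg->sequence++;
    pg->enforcing = enforcing;
    pg->sequence++;
}

/* Number of flushes a userspace decision cache performs over four checks. */
int demo_flush_count(void) {
    struct status_page pg = { 1, 0, 1, 0, 0 };
    struct reader r = { &pg, 0, 1 };
    int flushes = reader_updated(&r);         /* nothing changed yet */
    fake_kernel_update(&pg, 0);               /* switch to permissive */
    flushes += reader_updated(&r);            /* change reported once */
    flushes += reader_updated(&r);            /* and not a second time */
    fake_kernel_update(&pg, 1);
    return flushes + reader_updated(&r);
}

int demo_stuck_writer(void) {                 /* odd sequence: error, not stale data */
    struct status_page pg = { 1, 3, 1, 0, 0 };
    struct reader r = { &pg, 0, 1 };
    return reader_updated(&r);
}

int main(void) {
    printf("flushes=%d stuck=%d\n", demo_flush_count(), demo_stuck_writer());
}
```

An application that caches access decisions would treat a return of 1 as the signal to flush its cache, and a return of -1 as a reason to stop trusting cached decisions.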