AUDIT_LOG_SECCTX(9) Audit Interfaces AUDIT_LOG_SECCTX(9)NAME
audit_log_secctx - Converts and logs SELinux context
SYNOPSIS
void audit_log_secctx(struct audit_buffer * ab, u32 secid);
ARGUMENTS
ab
audit_buffer
secid
security number
DESCRIPTION
This is a helper function that calls security_secid_to_secctx to convert secid to secctx and then adds the (converted) SELinux context to
the audit log by calling audit_log_format, thus also preventing leak of internal secid to userspace. If secid cannot be converted
audit_panic is called.
COPYRIGHT Kernel Hackers Manual 3.10 June 2014 AUDIT_LOG_SECCTX(9)
Check Out this Related Man Page
avc_open(3) SELinux API documentation avc_open(3)NAME
avc_open, avc_destroy, avc_reset, avc_cleanup - userspace SELinux AVC setup and teardown.
SYNOPSIS
#include <selinux/selinux.h>
#include <selinux/avc.h>
int avc_open(struct selinux_opt *options, unsigned nopt);
void avc_destroy(void);
int avc_reset(void);
void avc_cleanup(void);
DESCRIPTION
avc_open initializes the userspace AVC and must be called before any other AVC operation can be performed.
avc_destroy destroys the userspace AVC, freeing all internal memory structures. After this call has been made, avc_open must be called
again before any AVC operations can be performed.
avc_reset flushes the userspace AVC, causing it to forget any cached access decisions. The userspace AVC normally calls this function
automatically when needed, see NETLINK NOTIFICATION below.
avc_cleanup attempts to free unused memory within the userspace AVC, but does not flush any cached access decisions. Under normal opera-
tion, calling this function should not be necessary.
OPTIONS
The userspace AVC obeys callbacks set via selinux_set_callback(3), in particular the logging and audit callbacks.
The options which may be passed to avc_open include the following:
AVC_OPT_SETENFORCE
This option forces the userspace AVC into enforcing mode if the option value is non-NULL; permissive mode otherwise. The system
enforcing mode will be ignored.
NETLINK NOTIFICATION
Beginning with version 2.6.4, the Linux kernel supports SELinux status change notification via netlink. Two message types are currently
implemented, indicating changes to the enforcing mode and to the loaded policy in the kernel, respectively. The userspace AVC listens for
these messages and takes the appropriate action, modifying the behavior of avc_has_perm(3) to reflect the current enforcing mode and flush-
ing the cache on receipt of a policy load notification. Audit messages are produced when netlink notifications are processed.
RETURN VALUE
Functions with a return value return zero on success. On error, -1 is returned and errno is set appropriately.
AUTHOR
Eamon Walsh <ewalsh@tycho.nsa.gov>
SEE ALSO selinux(8), avc_has_perm(3), avc_context_to_sid(3), avc_cache_stats(3), avc_add_callback(3), selinux_set_callback(3), security_com-
pute_av(3)
12 Jun 2008 avc_open(3)
Hi everyone,
I know the following questions are noobish questions but I am asking them because I am confused about the basics of history behind UNIX and LINUX.
Ok onto business, my questions are-:
Was/Is UNIX ever an open source operating system ?
If UNIX was... (21 Replies)
Hello and thanks in advance for any help anyone can offer me
I'm trying to learn the find command and thought I was understanding it... Apparently I was wrong. I was doing compound searches and I started getting weird results with the -size test. I was trying to do a search on a 1G file owned by... (14 Replies)
hi all,
i have installed quota on my centos 7 machine and its what im after (setting size limit on users, so they cant fill the hard drive)
i want to now make this part of my create user script for my sftp server so i want to do a echo and a read command so i capture the limit they enter... (0 Replies)
Hi everybody,
Which Unix base OS have best performance for HOST virtualization?
I tested SmartOS but it needs another OS to connect remotely!
Thanks in advance. (11 Replies)
Hi All,
I need to write a shell script which opens a file and increments the version(text) within the file every time the script runs. For example:
$ cat docker_file.yml
version: '3.1'
services:
ui:
image: repo-srv.dev.io:5000/facebook/ui:0.0.2-QA1
$
So, I would like... (6 Replies)
Dear Team
We use DB2 v10.5 and using DBArtisan tool
Can someone please guide how to convert digits to binary numbers using db2 feature.
Ex> for number 9 , binary should be 1001 ( 8+1)
Any help appreciated. Thanks (2 Replies)
hi folks,
how to using tar with exclude directory and compress it using tar.Z
i only know how to exclude dir only with this command below:
tar -cvf /varios/restore/test.tar -X excludefile.txt /jfma/test1/
how to compress it using 1 command?
Thanx
Please use CODE tags as... (6 Replies)
Quite an obscure question I think.
We have a rebuild process for remote sites that allows us to PXE rebuild a till (actually a PC with a touch screen and various fancy bits) running CentOS. The current CentOS5 tills work just fine with a tar image restore and some personalisation. Sadly,... (4 Replies)
Hello All,
I had recently learnt a bit of Docker(which provides containerization process).
Here are some of my learning points from it.
Let us start first with very basic question:
What is Docker:
Docker is a platform for sysadmins and developers to DEPLOY, DEVELOP and RUN applications ... (7 Replies)
What is the point of this? Whenever I close my shell it appends to the history file without adding this. I have never seen it overwrite my history file.
# When the shell exits, append to the history file instead of overwriting it
shopt -s histappend (3 Replies)
Hello... And thanks in advance for any help anyone can offer me
I was trying to work out the differences between displaying modify, access, and change times with the 'ls' command. Everything seems in order when I look at files, but the access time on a directory doesn't seem to change when I... (4 Replies)
Hello everyone,
I am having an issue here with CentOS release 6.6 (Final) that shows all of the space used up, but I can't tell where the space went.
Seemingly I am using up 100%, according to
df -h
Filesystem Size Used Avail Use% Mounted on... (27 Replies)
I'm trying to use a bash script for a psych experiment that involves listening to sound files and responding. If I have something like the code below, how can I make sure that a key press is assigned to RESPONSE only after the second echo statement?
for i in 1 2 3; do
echo "Ready?"
sleep 2
... (10 Replies)
After the success of the jq - tool for parsing and manipulating JSON-Data someone wrote a tool called yq, which aims to be the same for YAML, what jq is for JSON. Seems to work fine. I'll definitely give it a chance in future.
Example YAML-File:
--- !ruby/object:Puppet::Node::Facts
... (1 Reply)
Dear All,
I am very pleased to announce that Dave Munro (gull04) is joining the Moderation Team, after being a very valuable member of UNIX.com for 15+ years.
Dave is an IT Consultant with 30 years of experience this year, has worked in many of the industry vertical market segments and has... (6 Replies)