|Main Archive Page > Month Archives > selinux archives|
I want to enforce temporal role base access control to Fedora10 platform.
Therefore, I have written a piece of code which receives simple temporal policy
rules and updates a file in which disallowed roles are being kept. In order to
attach the code to the fedora core, I am making use of SELinux modules. I wonder
if avc_has_perm(...) function in /libselinex/src/avc.c can be the right place
for using my code where requests will be granted or denied access. Actually, I
had thought about getting the role field from the security_id_t (@ssid) and
compare it with the denied roles that my code computes. If I`m wrong and this
will not work out, is there any other suggestions for attaching my code to
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to firstname.lastname@example.org with the words "unsubscribe selinux" without quotes as the message.