In this recipe, we will be querying the SELinux userland to obtain the default context for a given user based on the context of the current process. The process is responsible for gathering the Linux username of the user upfront.
Query the SELinux configuration as follows:
Get the current context of the process:
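    #include <selinux/selinux.h>

    int rc;              // result of the libselinux calls
    char *curcon = 0;

    // permissive is assumed to have been set earlier by the application
    rc = getcon(&curcon);
    if (rc) {
        … // Getting context failed
        if (permissive) {
            … // Continue with the application logic, ignoring SELinux stuff
        } else {
            … // Log failure and stop application logic
        }
    }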
Take the Linux username (assumed to be in the name variable) and get the SELinux user:

    char *sename = 0;
    char *selevel = 0;

    rc = getseuserbyname(name, &sename, &selevel);
    if (rc) {
        … // Call failed. Again check permissive state
        … // and take appropriate action.
        freecon(curcon);
    }
Now, get the default context based on the obtained SELinux user (sename) and current context (which...
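The getseuserbyname() call in the second step resolves the Linux login through the policy's seusers file. The following added example (not from the original recipe and not libselinux code) is a simplified model of that lookup, covering exact matches and the `__default__` entry only. The function name `resolve_seuser`, its return codes, and the sample entries are assumptions made for illustration; `%group` entries are not handled.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample in seusers format: login:seuser[:mls-range] */
static const char *SAMPLE_SEUSERS =
    "# constructed sample, not from a real system\n"
    "root:unconfined_u:s0-s0:c0.c1023\n"
    "alice:staff_u:s0-s0:c0.c1023\n"
    "__default__:user_u:s0\n";

/* Hypothetical helper. Returns 0 on an exact match, 1 when __default__ was
 * used, 2 when nothing matched (login name returned, empty level). */
int resolve_seuser(const char *seusers, const char *login,
                   char *seuser, size_t ulen, char *level, size_t llen)
{
    int have_default = 0;
    const char *p = seusers;
    while (*p) {
        size_t n = strcspn(p, "\n");
        char line[256];
        if (n > 0 && n < sizeof(line) && p[0] != '#') {  /* skip comments */
            memcpy(line, p, n); line[n] = '\0';
            char *c1 = strchr(line, ':');
            if (c1) {
                *c1++ = '\0';                 /* line = login, c1 = seuser */
                char *c2 = strchr(c1, ':');   /* the range may contain ':' */
                if (c2) *c2++ = '\0';
                int exact = strcmp(line, login) == 0;
                if (exact || (!have_default && !strcmp(line, "__default__"))) {
                    snprintf(seuser, ulen, "%s", c1);
                    snprintf(level, llen, "%s", c2 ? c2 : "");
                    if (exact) return 0;      /* exact entry always wins */
                    have_default = 1;         /* keep scanning for exact */
                }
            }
        }
        p += n;
        if (*p == '\n') p++;
    }
    if (have_default) return 1;
    snprintf(seuser, ulen, "%s", login);      /* fall back to the login name */
    level[0] = '\0';
    return 2;
}
int main(void) {
    char u[64], l[64];
    int rc = resolve_seuser(SAMPLE_SEUSERS, "bob", u, sizeof u, l, sizeof l);
    printf("bob -> %s %s (rc=%d)\n", u, l, rc);
    return 0;
}
```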