avc_netlink_loop(3)        SELinux API documentation       avc_netlink_loop(3)

NAME
       avc_netlink_open,       avc_netlink_close,      avc_netlink_acquire_fd,
       avc_netlink_release_fd,   avc_netlink_check_nb,   avc_netlink_loop    -
       SELinux netlink processing

SYNOPSIS
       #include <selinux/selinux.h>
       #include <selinux/avc.h>

       int avc_netlink_open(int blocking);

       void avc_netlink_close(void);

       int avc_netlink_acquire_fd(void);

       void avc_netlink_release_fd(void);

       void avc_netlink_loop(void);

       int avc_netlink_check_nb(void);

DESCRIPTION
       These functions enable applications to handle notification of SELinux
       events via netlink.  The userspace AVC normally checks for netlink
       messages on each call to avc_has_perm(3).  Applications may wish to
       override this behavior and check for notification separately, for
       example in a select(2) loop.  These functions also permit netlink
       monitoring without requiring a call to avc_open(3).

       avc_netlink_open() opens a netlink socket to receive SELinux
       notifications.  The socket descriptor is stored internally; use
       avc_netlink_acquire_fd(3) to take ownership of it in application
       code.  The blocking argument controls whether the O_NONBLOCK flag is
       set on the socket descriptor.  avc_open(3) calls this function
       internally, specifying non-blocking behavior.

       avc_netlink_close() closes the netlink socket.  This function is called
       automatically by avc_destroy(3).

       avc_netlink_acquire_fd() returns the netlink socket descriptor number
       and informs the userspace AVC not to check the socket descriptor
       automatically on calls to avc_has_perm(3).  If no such socket
       descriptor exists, avc_netlink_acquire_fd(3) will first call
       avc_netlink_open(3) and then return the resulting fd.

       avc_netlink_release_fd() returns control of the netlink socket  to  the
       userspace AVC, re-enabling automatic processing of notifications.

       avc_netlink_check_nb()  checks  the netlink socket for pending messages
       and processes them.  Callbacks for  policyload  and  enforcing  changes
       will  be  called;  see selinux_set_callback(3).  This function does not
       block.

       avc_netlink_loop() enters a loop blocking on the netlink socket and
       processing messages as they are received.  This function will not
       return unless an error occurs on the socket, in which case the socket
       is closed.

RETURN VALUE
       avc_netlink_acquire_fd() returns a non-negative file descriptor number
       on success.  Other functions with a return value return zero on
       success.  On error, -1 is returned and errno is set appropriately.

AUTHOR
       Originally KaiGai Kohei.  Updated by Mike Palmiotto
       <mike.palmiotto@crunchydata.com>

SEE ALSO
       avc_open(3), selinux_set_callback(3), selinux(8)

                                  30 Mar 2009              avc_netlink_loop(3)
