avc_netlink_loop(3) SELinux API documentation avc_netlink_loop(3)
NAME
avc_netlink_open, avc_netlink_close, avc_netlink_acquire_fd,
avc_netlink_release_fd, avc_netlink_check_nb, avc_netlink_loop -
SELinux netlink processing
SYNOPSIS
#include <selinux/selinux.h>
#include <selinux/avc.h>
int avc_netlink_open(int blocking);
void avc_netlink_close(void);
int avc_netlink_acquire_fd(void);
void avc_netlink_release_fd(void);
void avc_netlink_loop(void);
int avc_netlink_check_nb(void);
DESCRIPTION
These functions enable applications to handle notification of SELinux
events via netlink. The userspace AVC normally checks for netlink mes-
sages on each call to avc_has_perm(3). Applications may wish to over-
ride this behavior and check for notification separately, for example
in a select(2) loop. These functions also permit netlink monitoring
without requiring a call to avc_open(3).
avc_netlink_open() opens a netlink socket to receive SELinux notifica-
tions. The socket descriptor is stored internally; use avc_netlink_ac-
quire_fd(3) to take ownership of it in application code. The blocking
argument controls whether the O_NONBLOCK flag is set on the socket de-
scriptor. avc_open(3) calls this function internally, specifying non-
blocking behavior.
avc_netlink_close() closes the netlink socket. This function is called
automatically by avc_destroy(3).
avc_netlink_acquire_fd() returns the netlink socket descriptor number
and informs the userspace AVC not to check the socket descriptor auto-
matically on calls to avc_has_perm(3). If no such socket descriptor
exists, avc_netlink_acquire_fd(3) will first call avc_netlink_open(3)
and then return the resulting fd.
avc_netlink_release_fd() returns control of the netlink socket to the
userspace AVC, re-enabling automatic processing of notifications.
avc_netlink_check_nb() checks the netlink socket for pending messages
and processes them. Callbacks for policyload and enforcing changes
will be called; see selinux_set_callback(3). This function does not
block.
avc_netlink_loop() enters a loop blocking on the netlink socket and
processing messages as they are received. This function will not re-
turn unless an error occurs on the socket, in which case the socket is
closed.
RETURN VALUE
avc_netlink_acquire_fd() returns a non-negative file descriptor number
on success. Other functions with a return value return zero on suc-
cess. On error, -1 is returned and errno is set appropriately.
AUTHOR
Originally KaiGai Kohei. Updated by Mike Palmiotto
<mike.palmiotto@crunchydata.com>
SEE ALSO
avc_open(3), selinux_set_callback(3), selinux(8)
30 Mar 2009 avc_netlink_loop(3)
Generated by dwww version 1.14 on Fri Jan 24 06:13:50 CET 2025.