avc_netlink_loop(category2-linux-allgemein.html) - phpMan

avc_netlink_loop(3)        SELinux API documentation       avc_netlink_loop(3)

NAME
       avc_netlink_open,       avc_netlink_close,      avc_netlink_acquire_fd,
       avc_netlink_release_fd,   avc_netlink_check_nb,   avc_netlink_loop    -
       SELinux netlink processing
SYNOPSIS
       #include <selinux/selinux.h>
       #include <selinux/avc.h>
       int avc_netlink_open(int blocking);
       void avc_netlink_close(void);
       int avc_netlink_acquire_fd(void);
       void avc_netlink_release_fd(void);
       void avc_netlink_loop(void);
       int avc_netlink_check_nb(void);
DESCRIPTION
       These  functions  enable applications to handle notification of SELinux
       events via netlink.  The userspace AVC normally checks for netlink mes-
       sages  on each call to avc_has_perm(3).  Applications may wish to over-
       ride this behavior and check for notification separately,  for  example
       in  a  select(2)  loop.  These functions also permit netlink monitoring
       without requiring a call to avc_open(3).
       avc_netlink_open() opens a netlink socket to receive SELinux  notifica-
       tions.     The    socket   descriptor   is   stored   internally;   use
       avc_netlink_acquire_fd(3) to take ownership of it in application  code.
       The  blocking  argument  controls whether the O_NONBLOCK flag is set on
       the socket descriptor.  avc_open(3)  calls  this  function  internally,
       specifying non-blocking behavior.
       avc_netlink_close() closes the netlink socket.  This function is called
       automatically by avc_destroy(3).
       avc_netlink_acquire_fd() returns the netlink socket  descriptor  number
       and  informs the userspace AVC not to check the socket descriptor auto-
       matically on calls to avc_has_perm(3).
       avc_netlink_release_fd() returns control of the netlink socket  to  the
       userspace AVC, re-enabling automatic processing of notifications.
       avc_netlink_check_nb()  checks  the netlink socket for pending messages
       and processes them.  Callbacks for  policyload  and  enforcing  changes
       will  be  called;  see selinux_set_callback(3).  This function does not
       block.
       avc_netlink_loop() enters a loop blocking on  the  netlink  socket  and
       processing  messages  as  they  are  received.   This function will not
       return unless an error occurs on the socket, in which case  the  socket
       is closed.
RETURN VALUE
       avc_netlink_acquire_fd()  returns a non-negative file descriptor number
       on success.  Other functions with a return value return  zero  on  suc-
       cess.  On error, -1 is returned and errno is set appropriately.
SEE ALSO
       avc_open(3), selinux_set_callback(3), selinux(8)

                                  30 Mar 2009              avc_netlink_loop(3)