avc_netlink_loop(3)        SELinux API documentation       avc_netlink_loop(3)

NAME

       avc_netlink_open, avc_netlink_close, avc_netlink_acquire_fd,
       avc_netlink_release_fd, avc_netlink_check_nb, avc_netlink_loop -
       SELinux netlink processing

SYNOPSIS

       #include <selinux/selinux.h>
       #include <selinux/avc.h>

       int avc_netlink_open(int blocking);

       void avc_netlink_close(void);

       int avc_netlink_acquire_fd(void);

       void avc_netlink_release_fd(void);

       void avc_netlink_loop(void);

       int avc_netlink_check_nb(void);

DESCRIPTION

       These functions enable applications to handle notification of SELinux
       events via netlink.  The userspace AVC normally checks for netlink
       messages on each call to avc_has_perm(3).  Applications may wish to
       override this behavior and check for notification separately, for
       example in a select(2) loop.  These functions also permit netlink
       monitoring without requiring a call to avc_open(3).

       avc_netlink_open() opens a netlink socket to receive SELinux
       notifications.  The socket descriptor is stored internally; use
       avc_netlink_acquire_fd(3) to take ownership of it in application code.
       The blocking argument controls whether the O_NONBLOCK flag is set on
       the socket descriptor.  avc_open(3) calls this function internally,
       specifying non-blocking behavior.

       avc_netlink_close() closes the netlink socket.  This function is called
       automatically by avc_destroy(3).

       avc_netlink_acquire_fd() returns the netlink socket descriptor number
       and informs the userspace AVC not to check the socket descriptor
       automatically on calls to avc_has_perm(3).

       avc_netlink_release_fd() returns control of the netlink socket to the
       userspace AVC, re-enabling automatic processing of notifications.

       avc_netlink_check_nb() checks the netlink socket for pending messages
       and processes them.  Callbacks for policyload and enforcing changes
       will be called; see selinux_set_callback(3).  This function does not
       block.

       avc_netlink_loop() enters a loop blocking on the netlink socket and
       processing messages as they are received.  This function will not
       return unless an error occurs on the socket, in which case the socket
       is closed.

RETURN VALUE

       avc_netlink_acquire_fd() returns a non-negative file descriptor number
       on success.  Other functions with a return value return zero on
       success.  On error, -1 is returned and errno is set appropriately.
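
       The select(2) usage described in DESCRIPTION, as an added example
       that is not part of the original manual page or of libselinux.  The
       names wait_events(), EV_SELINUX, EV_APP, on_policyload(),
       on_setenforce() and the WITH_LIBSELINUX build macro are hypothetical,
       and stdin stands in for the application's own descriptor.

```c
/* Added example. Real build: cc -DWITH_LIBSELINUX demo.c -lselinux
 * WITH_LIBSELINUX, wait_events(), EV_* and on_*() are names made up here. */
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>

#define EV_SELINUX 1   /* netlink fd was readable and has been processed */
#define EV_APP     2   /* application fd is readable */

/* One select(2) pass over the acquired netlink fd and one application fd.
 * process() runs when nlfd is readable; pass avc_netlink_check_nb.
 * Returns a mask of EV_* bits, 0 on timeout, -1 on error (errno set). */
int wait_events(int nlfd, int appfd, int (*process)(void), int timeout_ms)
{
    fd_set rfds;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    int mask = 0;

    FD_ZERO(&rfds);
    FD_SET(nlfd, &rfds);
    FD_SET(appfd, &rfds);
    if (select((nlfd > appfd ? nlfd : appfd) + 1, &rfds, NULL, NULL, &tv) < 0)
        return -1;
    if (FD_ISSET(nlfd, &rfds)) {
        if (process() < 0)
            return -1;           /* netlink processing failed */
        mask |= EV_SELINUX;
    }
    return mask | (FD_ISSET(appfd, &rfds) ? EV_APP : 0);
}

#ifdef WITH_LIBSELINUX
#include <selinux/selinux.h>
#include <selinux/avc.h>
static int on_policyload(int seqno) { printf("policy load, seqno %d\n", seqno); return 0; }
static int on_setenforce(int enforcing) { printf("enforcing=%d\n", enforcing); return 0; }

int main(void)
{
    int ev, nlfd;
    /* Callbacks fire from inside avc_netlink_check_nb(); no avc_open() needed. */
    selinux_set_callback(SELINUX_CB_POLICYLOAD, (union selinux_callback){ .func_policyload = on_policyload });
    selinux_set_callback(SELINUX_CB_SETENFORCE, (union selinux_callback){ .func_setenforce = on_setenforce });
    if (avc_netlink_open(0) < 0 || (nlfd = avc_netlink_acquire_fd()) < 0) { perror("avc_netlink"); return 1; }
    while ((ev = wait_events(nlfd, STDIN_FILENO, avc_netlink_check_nb, 5000)) >= 0 && !(ev & EV_APP))
        ;                        /* input on stdin ends the demo */
    avc_netlink_release_fd();    /* hand the socket back to the userspace AVC */
    avc_netlink_close();
    return ev < 0;
}
#endif
```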

SEE ALSO

       avc_open(3), selinux_set_callback(3), selinux(8)

                                  30 Mar 2009              avc_netlink_loop(3)