avc_netlink_loop(3)        SELinux API documentation       avc_netlink_loop(3)

NAME

       avc_netlink_open, avc_netlink_close, avc_netlink_acquire_fd,
       avc_netlink_release_fd, avc_netlink_check_nb, avc_netlink_loop -
       SELinux netlink processing

SYNOPSIS

       #include <selinux/selinux.h>
       #include <selinux/avc.h>

       int avc_netlink_open(int blocking);

       void avc_netlink_close(void);

       int avc_netlink_acquire_fd(void);

       void avc_netlink_release_fd(void);

       void avc_netlink_loop(void);

       int avc_netlink_check_nb(void);

DESCRIPTION

       These functions enable applications to handle notification of SELinux
       events via netlink. The userspace AVC normally checks for netlink
       messages on each call to avc_has_perm(3). Applications may wish to
       override this behavior and check for notification separately, for
       example in a select(2) loop. These functions also permit netlink
       monitoring without requiring a call to avc_open(3).

       avc_netlink_open() opens a netlink socket to receive SELinux
       notifications. The socket descriptor is stored internally; use
       avc_netlink_acquire_fd(3) to take ownership of it in application code.
       The blocking argument controls whether the O_NONBLOCK flag is set on
       the socket descriptor. avc_open(3) calls this function internally,
       specifying non-blocking behavior.

       avc_netlink_close() closes the netlink socket. This function is called
       automatically by avc_destroy(3).

       avc_netlink_acquire_fd() returns the netlink socket descriptor number
       and informs the userspace AVC not to check the socket descriptor
       automatically on calls to avc_has_perm(3). If no such socket descriptor
       exists, avc_netlink_acquire_fd(3) will first call avc_netlink_open(3)
       and then return the resulting fd.

       avc_netlink_release_fd() returns control of the netlink socket to the
       userspace AVC, re-enabling automatic processing of notifications.

       avc_netlink_check_nb() checks the netlink socket for pending messages
       and processes them. Callbacks for policyload and enforcing changes
       will be called; see selinux_set_callback(3). This function does not
       block.

       avc_netlink_loop() enters a loop blocking on the netlink socket and
       processing messages as they are received. This function will not
       return unless an error occurs on the socket, in which case the socket
       is closed.

RETURN VALUE

       avc_netlink_acquire_fd() returns a non-negative file descriptor number
       on success. Other functions with a return value return zero on
       success. On error, -1 is returned and errno is set appropriately.

AUTHOR

       Originally KaiGai Kohei. Updated by Mike Palmiotto
       <mike.palmiotto@crunchydata.com>

SEE ALSO

       avc_open(3), selinux_set_callback(3), selinux(8)

                                  30 Mar 2009              avc_netlink_loop(3)