avc_init deprecation vs avc_open + selinux_set_callback()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I'm adding support to libvirt for a userspace access controller, and have
been basing my code on that done in DBus (dbus/bus/selinux.c). That code
uses avc_init() and provides the whole set of callbacks that method
requires.

The man page for avc_init(), however, states that is is deprecated and
we should use a combination of avc_open() + selinux_set_callback() in
new code. The selinux_set_callback() function, while able to set the
log & audit callbacks, does not have any way to set the thread, mutex
or memory allocation callbacks. I've verified from looking at the code
that avc_init() is the only API that can set these.

Why is it deprecated, if the replacement quoted can't actually replace
its functionality ?  I'm inclined it to use avc_init() despite it being
deprecated.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux



[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux