API Changes
- Pass contexts, not SIDs.
- Set-attribute calls instead of extended calls:
  - execve_secure() => setexeccon(); execve();
  - open/mkdir_secure() => setfscreatecon(); open/mkdir();
  - Implemented via writes to /proc/self/attr/{exec,fscreate}.
  - Cleared explicitly by program or automatically upon exec.
  - Simplifies common case, but requires extra care for:
    - Multi-threaded applications (if not 1-to-1 user-to-kernel).
    - Signal handlers that call execve() or open/mkdir().
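As an added example (not from the slides, nor libselinux code), the set-attribute pattern for mkdir written directly against the /proc/self/attr/fscreate interface, with the explicit clear described above. The attribute path is a parameter so the helper can be exercised against an ordinary file where SELinux is absent; the context string and /tmp paths are constructed sample values.

```c
#define _POSIX_C_SOURCE 200809L  /* O_CLOEXEC, mkstemp(), mkdtemp() */
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read the attribute's current value into buf; "" means unset. On a SELinux host attr_path
 * is /proc/self/attr/fscreate; it is a parameter so the logic can be tried on a plain file. */
int attr_get(const char *attr_path, char *buf, size_t len) {
    int fd = open(attr_path, O_RDONLY | O_CLOEXEC);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, len - 1);
    if (fd >= 0) close(fd);
    if (n < 0) return -1;
    buf[n] = '\0';  /* the kernel does not NUL-terminate what it returns */
    return 0;
}

/* Write a new value; NULL clears it (zero-length write), like setfscreatecon(NULL). */
int attr_set(const char *attr_path, const char *ctx) {
    int fd = open(attr_path, O_WRONLY | O_TRUNC | O_CLOEXEC);
    ssize_t n = fd < 0 ? -1 : write(fd, ctx ? ctx : "", ctx ? strlen(ctx) + 1 : 0);
    int saved = errno;
    if (fd >= 0) close(fd);
    errno = saved;
    return n < 0 ? -1 : 0;
}

/* Stand-in for mkdir_secure(): set the create context, mkdir(), then clear it explicitly.
 * Per-task attribute: a thread or signal handler creating a file in between inherits ctx. */
int mkdir_with_context(const char *attr_path, const char *path, mode_t mode, const char *ctx) {
    if (attr_set(attr_path, ctx) < 0) return -1;
    int rc = mkdir(path, mode), saved = errno;
    if (attr_set(attr_path, NULL) < 0) return -1;  /* never leave ctx armed */
    errno = saved;
    return rc;
}

/* Self-check against a plain temp file standing in for /proc/self/attr/fscreate; 0 on success. */
int self_check(void) {
    static const char ctx[] = "user_u:object_r:tmp_t";  /* constructed sample label */
    char attr[] = "/tmp/attrXXXXXX", dir[] = "/tmp/dirXXXXXX", got[256];
    int fd = mkstemp(attr); if (fd >= 0) close(fd);
    if (fd < 0 || !mkdtemp(dir) || rmdir(dir)) return 1;  /* reserve an unused dir name */
    if (attr_set(attr, ctx) || attr_get(attr, got, sizeof got) || strcmp(got, ctx)) return 2;
    if (mkdir_with_context(attr, dir, 0700, ctx)) return 3;
    if (attr_get(attr, got, sizeof got) || got[0]) return 4;  /* cleared afterwards */
    return (rmdir(dir) || unlink(attr)) ? 5 : 0;
}
```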