libselinux: getcon.3: add note about PID races

Add a note that querying a foreign process via its PID is inherently
racy.

Suggested-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Jason Zaman <jason@perfinion.com>
Christian Göttsche 2023-02-01 14:15:16 +01:00 committed by Jason Zaman
parent 494eb683f3
commit 49e65b85d6

@ -149,5 +149,9 @@ The retrieval functions might return success and set
.I *context .I *context
to NULL if and only if SELinux is not enabled. to NULL if and only if SELinux is not enabled.
Querying a foreign process via its PID, e.g. \fBgetpidcon\fR() or
\fBgetpidprevcon\fR(), is inherently racy and therefore should never be relied
upon for security purposes.
.SH "SEE ALSO" .SH "SEE ALSO"
.BR selinux "(8), " setexeccon "(3)" .BR selinux "(8), " setexeccon "(3)"
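
Review bot: The added sentence follows "to NULL if and only if SELinux is not enabled." with no paragraph macro, so in the rendered page it runs on inside the return-value paragraph instead of standing out as a warning; start it with .PP or give it its own .SH "NOTES" section ahead of SEE ALSO. It would also help to state in one clause why the lookup is racy (the PID can exit and be reused by another process between the moment the caller obtains it and the moment the context is read), so a reader understands that the returned context may describe a different process than the one intended.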