9c46a0a315
Some programs, like passwd, need to do simeple one time access checks. Rather than set up a full avc cache and use that infrastructure they were directly using security_compute_av. A problem with this approach is the lack of audit on denials. This patch creates a new interface that is simple to use and which will still listen to things like permissive and output audit messages on denials. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
1 line
31 B
Groff
1 line
31 B
Groff
.so man3/security_compute_av.3
|