|
I am attempting to use the fsetfilecon() call within a C
program. Several other libselinux calls are working OK, but this call
fails in enforcing mode (it works in permissive mode). The audit.log and audit2allow are suggesting policy code
that I already have in the policy. I suspect that I'm being bitten by a "don't
audit" rule somewhere. Is there a reference policy macro that I can include to
get fsetfilecon() to work? Note: I already included selinux_get_enforce_mode(
t_selinux_api_t ); To get the security_getenforce() function to work. Thanks, Brian |