libselinux: getcon.3: add note about PID races

Add a note that querying a foreign process via its PID is inherently racy. Suggested-by: Stephen Smalley <[email protected]> Signed-off-by: Christian Göttsche <[email protected]> Acked-by: Jason Zaman <[email protected]>
SELinuxProject · Feb 11, 2023 · 49e65b8 · 49e65b8
1 parent 494eb68
commit 49e65b8
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/libselinux/man/man3/getcon.3 b/libselinux/man/man3/getcon.3
@@ -149,5 +149,9 @@ The retrieval functions might return success and set
 .I *context
 to NULL if and only if SELinux is not enabled.
 
+Querying a foreign process via its PID, e.g. \fBgetpidcon\fR() or
+\fBgetpidprevcon\fR(), is inherently racy and therefore should never be relied
+upon for security purposes.
+
 .SH "SEE ALSO"
 .BR selinux "(8), " setexeccon "(3)"