|
 |
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.24/include/selinux/av_permissions.h
|
|
|
aebde75 |
--- nsalibselinux/include/selinux/av_permissions.h 2007-07-16 14:20:45.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/include/selinux/av_permissions.h 2007-07-23 10:21:34.000000000 -0400
|
|
|
8ffc280 |
@@ -290,12 +290,16 @@
|
|
|
8ffc280 |
#define NODE__RAWIP_RECV 0x00000010UL
|
|
|
8ffc280 |
#define NODE__RAWIP_SEND 0x00000020UL
|
|
|
8ffc280 |
#define NODE__ENFORCE_DEST 0x00000040UL
|
|
|
8ffc280 |
+#define NODE__DCCP_RECV 0x00000080UL
|
|
|
8ffc280 |
+#define NODE__DCCP_SEND 0x00000100UL
|
|
|
8ffc280 |
#define NETIF__TCP_RECV 0x00000001UL
|
|
|
8ffc280 |
#define NETIF__TCP_SEND 0x00000002UL
|
|
|
8ffc280 |
#define NETIF__UDP_RECV 0x00000004UL
|
|
|
8ffc280 |
#define NETIF__UDP_SEND 0x00000008UL
|
|
|
8ffc280 |
#define NETIF__RAWIP_RECV 0x00000010UL
|
|
|
8ffc280 |
#define NETIF__RAWIP_SEND 0x00000020UL
|
|
|
8ffc280 |
+#define NETIF__DCCP_RECV 0x00000040UL
|
|
|
8ffc280 |
+#define NETIF__DCCP_SEND 0x00000080UL
|
|
|
8ffc280 |
#define NETLINK_SOCKET__IOCTL 0x00000001UL
|
|
|
8ffc280 |
#define NETLINK_SOCKET__READ 0x00000002UL
|
|
|
8ffc280 |
#define NETLINK_SOCKET__WRITE 0x00000004UL
|
|
|
8ffc280 |
@@ -837,6 +841,8 @@
|
|
|
8ffc280 |
#define NSCD__SHMEMPWD 0x00000020UL
|
|
|
8ffc280 |
#define NSCD__SHMEMGRP 0x00000040UL
|
|
|
8ffc280 |
#define NSCD__SHMEMHOST 0x00000080UL
|
|
|
8ffc280 |
+#define NSCD__GETSERV 0x00000100UL
|
|
|
8ffc280 |
+#define NSCD__SHMEMSERV 0x00000200UL
|
|
|
8ffc280 |
#define ASSOCIATION__SENDTO 0x00000001UL
|
|
|
8ffc280 |
#define ASSOCIATION__RECVFROM 0x00000002UL
|
|
|
8ffc280 |
#define ASSOCIATION__SETCONTEXT 0x00000004UL
|
|
|
8ffc280 |
@@ -897,3 +903,28 @@
|
|
|
8ffc280 |
#define KEY__CREATE 0x00000040UL
|
|
|
8ffc280 |
#define CONTEXT__TRANSLATE 0x00000001UL
|
|
|
8ffc280 |
#define CONTEXT__CONTAINS 0x00000002UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__IOCTL 0x00000001UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__READ 0x00000002UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__WRITE 0x00000004UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__CREATE 0x00000008UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__GETATTR 0x00000010UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__SETATTR 0x00000020UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__LOCK 0x00000040UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__RELABELFROM 0x00000080UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__RELABELTO 0x00000100UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__APPEND 0x00000200UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__BIND 0x00000400UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__CONNECT 0x00000800UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__LISTEN 0x00001000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__ACCEPT 0x00002000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__GETOPT 0x00004000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__SETOPT 0x00008000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__SHUTDOWN 0x00010000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__RECVFROM 0x00020000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__SENDTO 0x00040000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__RECV_MSG 0x00080000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__SEND_MSG 0x00100000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__NAME_BIND 0x00200000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__NODE_BIND 0x00400000UL
|
|
|
8ffc280 |
+#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
|
|
|
8ffc280 |
+#define MEMPROTECT__MMAP_ZERO 0x00000001UL
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/flask.h libselinux-2.0.24/include/selinux/flask.h
|
|
|
aebde75 |
--- nsalibselinux/include/selinux/flask.h 2007-07-16 14:20:45.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/include/selinux/flask.h 2007-07-23 10:21:34.000000000 -0400
|
|
|
8ffc280 |
@@ -64,6 +64,8 @@
|
|
|
8ffc280 |
#define SECCLASS_PACKET 57
|
|
|
8ffc280 |
#define SECCLASS_KEY 58
|
|
|
8ffc280 |
#define SECCLASS_CONTEXT 59
|
|
|
8ffc280 |
+#define SECCLASS_DCCP_SOCKET 60
|
|
|
8ffc280 |
+#define SECCLASS_MEMPROTECT 61
|
|
|
8ffc280 |
|
|
|
8ffc280 |
/*
|
|
|
8ffc280 |
* Security identifier indices for initial entities
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/Makefile libselinux-2.0.24/Makefile
|
|
|
aebde75 |
--- nsalibselinux/Makefile 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/Makefile 2007-07-23 10:21:34.000000000 -0400
|
|
|
3e1ba6d |
@@ -20,6 +20,9 @@
|
|
|
3e1ba6d |
$(MAKE) -C src
|
|
|
3e1ba6d |
$(MAKE) -C utils
|
|
|
35bc5a8 |
|
|
|
8e8fca8 |
+swigify: all
|
|
|
3e1ba6d |
+ $(MAKE) -C src swigify
|
|
|
35bc5a8 |
+
|
|
|
3e1ba6d |
pywrap:
|
|
|
3e1ba6d |
$(MAKE) -C src pywrap
|
|
|
4dca0c4 |
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_add_callback.3 libselinux-2.0.24/man/man3/avc_add_callback.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/avc_add_callback.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/avc_add_callback.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,26 +6,26 @@
|
|
|
8e8fca8 |
avc_add_callback \- additional event notification for SELinux userspace object managers.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/avc.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int avc_add_callback(int (*" callback ")(uint32_t " event ,
|
|
|
8e8fca8 |
.in +\w'int avc_add_callback(int (*callback)('u
|
|
|
8e8fca8 |
.BI "security_id_t " ssid ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "security_id_t " tsid ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "security_class_t " tclass ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "access_vector_t " perms ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "access_vector_t *" out_retained "),"
|
|
|
8e8fca8 |
.in
|
|
|
8e8fca8 |
.in +\w'int avc_add_callback('u
|
|
|
8e8fca8 |
.BI "uint32_t " events ", security_id_t " ssid ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "security_id_t " tsid ", security_class_t " tclass ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "access_vector_t " perms ");"
|
|
|
8e8fca8 |
.in
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_cache_stats.3 libselinux-2.0.24/man/man3/avc_cache_stats.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/avc_cache_stats.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/avc_cache_stats.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,7 +6,7 @@
|
|
|
8e8fca8 |
avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/avc.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "void avc_av_stats(void);"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_compute_create.3 libselinux-2.0.24/man/man3/avc_compute_create.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/avc_compute_create.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/avc_compute_create.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,7 +6,7 @@
|
|
|
8e8fca8 |
avc_compute_create \- obtain SELinux label for new object.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/avc.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid ,
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_context_to_sid.3 libselinux-2.0.24/man/man3/avc_context_to_sid.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/avc_context_to_sid.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/avc_context_to_sid.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,7 +6,7 @@
|
|
|
8e8fca8 |
avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/avc.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_has_perm.3 libselinux-2.0.24/man/man3/avc_has_perm.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/avc_has_perm.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/avc_has_perm.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,7 +6,7 @@
|
|
|
8e8fca8 |
avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/avc.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");"
|
|
|
8e8fca8 |
@@ -14,21 +14,21 @@
|
|
|
8e8fca8 |
.BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid ,
|
|
|
8e8fca8 |
.in +\w'int avc_has_perm('u
|
|
|
8e8fca8 |
.BI "security_class_t " tclass ", access_vector_t " requested ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "struct avc_entry_ref *" aeref ", void *" auditdata ");"
|
|
|
8e8fca8 |
.in
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid ,
|
|
|
8e8fca8 |
.in +\w'int avc_has_perm('u
|
|
|
8e8fca8 |
.BI "security_class_t " tclass ", access_vector_t " requested ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");"
|
|
|
8e8fca8 |
.in
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid ,
|
|
|
8e8fca8 |
.in +\w'void avc_audit('u
|
|
|
8e8fca8 |
.BI "security_class_t " tclass ", access_vector_t " requested ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "struct av_decision *" avd ", int " result ", void *" auditdata ");"
|
|
|
8e8fca8 |
.in
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/avc_init.3 libselinux-2.0.24/man/man3/avc_init.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/avc_init.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/avc_init.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,17 +6,17 @@
|
|
|
8e8fca8 |
avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/avc.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int avc_init(const char *" msgprefix ,
|
|
|
8e8fca8 |
.in +\w'int avc_init('u
|
|
|
8e8fca8 |
.BI "const struct avc_memory_callback *" mem_callbacks ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "const struct avc_log_callback *" log_callbacks ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "const struct avc_thread_callback *" thread_callbacks ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "const struct avc_lock_callback *" lock_callbacks ");"
|
|
|
8e8fca8 |
.in
|
|
|
8e8fca8 |
.sp
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_new.3 libselinux-2.0.24/man/man3/context_new.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/context_new.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/context_new.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -4,27 +4,27 @@
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/context.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "context_t context_new(const char *" context_str );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "const char * context_str(context_t " con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "void context_free(context_t " con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "const char * context_type_get(context_t " con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "const char * context_range_get(context_t " con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "const char * context_role_get(context_t " con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "const char * context_user_get(context_t " con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "const char * context_type_set(context_t " con ", const char* " type);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "const char * context_range_set(context_t " con ", const char* " range);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "const char * context_role_set(context_t " con ", const char* " role );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B "const char * context_user_set(context_t " con ", const char* " user );
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/freecon.3 libselinux-2.0.24/man/man3/freecon.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/freecon.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/freecon.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -5,7 +5,7 @@
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "void freecon(security_context_t "con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "void freeconary(security_context_t *" con );
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getcon.3 libselinux-2.0.24/man/man3/getcon.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/getcon.3 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/getcon.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -1,21 +1,21 @@
|
|
|
8e8fca8 |
.TH "getcon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
|
|
|
8e8fca8 |
.SH "NAME"
|
|
|
8e8fca8 |
getcon, getprevcon, getpidcon \- get SELinux security context of a process.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
getpeercon - get security context of a peer socket.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
setcon - set current security context of a process.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int getcon(security_context_t *" context );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int getprevcon(security_context_t *" context );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int getpidcon(pid_t " pid ", security_context_t *" context );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int getpeercon(int " fd ", security_context_t *" context);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int setcon(security_context_t " context);
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libselinux-2.0.24/man/man3/getexeccon.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/getexeccon.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/getexeccon.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -1,16 +1,16 @@
|
|
|
8e8fca8 |
.TH "getexeccon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
|
|
|
8e8fca8 |
.SH "NAME"
|
|
|
8e8fca8 |
getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
rpm_execcon \- run a helper for rpm in an appropriate security context
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int getexeccon(security_context_t *" context );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int setexeccon(security_context_t "context );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
8e8fca8 |
@@ -26,16 +26,16 @@
|
|
|
8e8fca8 |
setexeccon to reset to the default policy behavior.
|
|
|
8e8fca8 |
The exec context is automatically reset after the next execve, so a
|
|
|
8e8fca8 |
program doesn't need to explicitly sanitize it upon startup.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
setexeccon can be applied prior to library
|
|
|
8e8fca8 |
functions that internally perform an execve, e.g. execl*, execv*, popen,
|
|
|
8e8fca8 |
in order to set an exec context for that operation.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
Note: Signal handlers that perform an execve must take care to
|
|
|
8e8fca8 |
save, reset, and restore the exec context to avoid unexpected behaviors.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.B rpm_execcon
|
|
|
8e8fca8 |
runs a helper for rpm in an appropriate security context. The
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfilecon.3 libselinux-2.0.24/man/man3/getfilecon.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/getfilecon.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/getfilecon.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -5,9 +5,9 @@
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int getfilecon(const char *" path ", security_context_t *" con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int lgetfilecon(const char *" path ", security_context_t *" con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int fgetfilecon(int "fd ", security_context_t *" con );
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
8e8fca8 |
.B getfilecon
|
|
|
8e8fca8 |
@@ -22,7 +22,6 @@
|
|
|
8e8fca8 |
is identical to getfilecon, only the open file pointed to by filedes (as
|
|
|
8e8fca8 |
returned by open(2)) is interrogated in place of path.
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
The returned context should be freed with freecon if non-NULL.
|
|
|
8e8fca8 |
.SH "RETURN VALUE"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getfscreatecon.3 libselinux-2.0.24/man/man3/getfscreatecon.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/getfscreatecon.3 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/getfscreatecon.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,7 +6,7 @@
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int getfscreatecon(security_context_t *" con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int setfscreatecon(security_context_t "context );
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
8e8fca8 |
@@ -22,11 +22,11 @@
|
|
|
8e8fca8 |
setfscreatecon to reset to the default policy behavior.
|
|
|
8e8fca8 |
The fscreate context is automatically reset after the next execve, so a
|
|
|
8e8fca8 |
program doesn't need to explicitly sanitize it upon startup.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
setfscreatecon can be applied prior to library
|
|
|
8e8fca8 |
functions that internally perform an file creation,
|
|
|
8e8fca8 |
in order to set an file context on the objects.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
Note: Signal handlers that perform an setfscreate must take care to
|
|
|
8e8fca8 |
save, reset, and restore the fscreate context to avoid unexpected behaviors.
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-2.0.24/man/man3/get_ordered_context_list.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/get_ordered_context_list.3 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/get_ordered_context_list.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -4,7 +4,7 @@
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/get_context_list.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list );
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getseuserbyname.3 libselinux-2.0.24/man/man3/getseuserbyname.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/getseuserbyname.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/getseuserbyname.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -12,7 +12,7 @@
|
|
|
8e8fca8 |
then be passed to other libselinux functions such as
|
|
|
8e8fca8 |
get_ordered_context_list_with_level and get_default_context_with_level.
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
The returned SELinux username and level should be freed by the caller
|
|
|
8e8fca8 |
using free.
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/is_context_customizable.3 libselinux-2.0.24/man/man3/is_context_customizable.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/is_context_customizable.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/is_context_customizable.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -8,7 +8,7 @@
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
8e8fca8 |
.B is_context_customizable
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that
|
|
|
8e8fca8 |
administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place.
|
|
|
8e8fca8 |
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libselinux-2.0.24/man/man3/matchmediacon.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/matchmediacon.3 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/matchmediacon.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,14 +6,14 @@
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int matchmediacon(const char *" media ", security_context_t *" con);"
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B matchmediacon
|
|
|
8e8fca8 |
matches the specified media type with the media contexts configuration and sets the security context "con" to refer to the resulting context.
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B Note:
|
|
|
8e8fca8 |
Caller must free returned security context "con" using freecon.
|
|
|
8e8fca8 |
.SH "RETURN VALUE"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.24/man/man3/matchpathcon.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/matchpathcon.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/matchpathcon.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,18 +6,18 @@
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int matchpathcon_init(const char *" path ");"
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int matchpathcon_fini(void);"
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "void set_matchpathcon_printf(void (*" f ")(const char *" fmt ", ...));"
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "void set_matchpathcon_invalidcon(int (*" f ")(const char *"path ", unsigned " lineno ", char * " context "));"
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "void set_matchpathcon_flags(unsigned int " flags ");"
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
8e8fca8 |
.B matchpathcon_init
|
|
|
8e8fca8 |
loads the file contexts configuration specified by
|
|
|
8e8fca8 |
@@ -40,7 +40,7 @@
|
|
|
8e8fca8 |
suffix are also looked up and loaded if present. These files provide
|
|
|
8e8fca8 |
dynamically generated entries for user home directories and for local
|
|
|
8e8fca8 |
customizations.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.B matchpathcon_fini
|
|
|
8e8fca8 |
frees the memory allocated by a prior call to
|
|
|
8e8fca8 |
@@ -49,7 +49,7 @@
|
|
|
8e8fca8 |
.B matchpathcon_init
|
|
|
8e8fca8 |
calls, or to free memory when finished using
|
|
|
8e8fca8 |
.B matchpathcon.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.B matchpathcon
|
|
|
8e8fca8 |
matches the specified pathname and mode against the file contexts
|
|
|
8e8fca8 |
@@ -72,14 +72,14 @@
|
|
|
8e8fca8 |
.I path,
|
|
|
8e8fca8 |
defaulting to the active file contexts configuration.
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B set_matchpathcon_printf
|
|
|
8e8fca8 |
sets the function used by
|
|
|
8e8fca8 |
.B matchpathcon_init
|
|
|
8e8fca8 |
when displaying errors about the file contexts configuration. If not set,
|
|
|
8e8fca8 |
then this defaults to fprintf(stderr, fmt, ...). This can be set to redirect
|
|
|
8e8fca8 |
error reporting to a different destination.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.B set_matchpathcon_invalidcon
|
|
|
8e8fca8 |
sets the function used by
|
|
|
8e8fca8 |
@@ -100,7 +100,7 @@
|
|
|
8e8fca8 |
and
|
|
|
8e8fca8 |
.I lineno
|
|
|
8e8fca8 |
in such error messages.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.B set_matchpathcon_flags
|
|
|
8e8fca8 |
sets flags controlling the operation of
|
|
|
8e8fca8 |
@@ -111,7 +111,7 @@
|
|
|
8e8fca8 |
.B MATCHPATHCON_BASEONLY
|
|
|
8e8fca8 |
flag is set, then only the base file contexts configuration file
|
|
|
8e8fca8 |
will be processed, not any dynamically generated entries or local customizations.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.SH "RETURN VALUE"
|
|
|
8e8fca8 |
Returns 0 on success or -1 otherwise.
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_class_to_string.3 libselinux-2.0.24/man/man3/security_class_to_string.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/security_class_to_string.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/security_class_to_string.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -8,7 +8,7 @@
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/flask.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "const char * security_class_to_string(security_class_t " tclass ");"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_compute_av.3 libselinux-2.0.24/man/man3/security_compute_av.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/security_compute_av.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/security_compute_av.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,7 +6,7 @@
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/flask.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_getenforce.3 libselinux-2.0.24/man/man3/security_getenforce.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/security_getenforce.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/security_getenforce.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -5,7 +5,7 @@
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.B int security_getenforce();
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int security_setenforce(int "value );
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_booleans.3 libselinux-2.0.24/man/man3/security_load_booleans.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/security_load_booleans.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/security_load_booleans.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -7,15 +7,15 @@
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
extern int security_load_booleans(char *path);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern int security_get_boolean_names(char ***names, int *len);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern int security_get_boolean_pending(const char *name);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern int security_get_boolean_active(const char *name);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern int security_set_boolean(const char *name, int value);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern int security_commit_booleans(void);
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
@@ -29,27 +29,27 @@
|
|
|
8e8fca8 |
The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once.
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
security_load_booleans
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
Load policy boolean settings. Path may be NULL, in which case the booleans are loaded from the active policy boolean configuration file.
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
security_get_boolean_names
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
Returns a list of boolean names, currently supported by the loaded policy.
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
security_set_boolean
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
Sets the pending value for boolean
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
security_get_boolean_pending
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
Return pending value for boolean
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
security_get_boolean_active
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
Return active value for boolean
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
security_commit_booleans
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
Commit all pending values for the booleans.
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH AUTHOR
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_lookup.3 libselinux-2.0.24/man/man3/selabel_lookup.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/selabel_lookup.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/selabel_lookup.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,20 +6,20 @@
|
|
|
8e8fca8 |
selabel_lookup \- obtain SELinux security context from a string label.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/label.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int selabel_lookup(struct selabel_handle *" hnd ,
|
|
|
8e8fca8 |
.in +\w'int selabel_lookup('u
|
|
|
8e8fca8 |
.BI "security_context_t *" context ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "const char *" key ", int " type ");"
|
|
|
8e8fca8 |
.in
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int selabel_lookup_raw(struct selabel_handle *" hnd ,
|
|
|
8e8fca8 |
.in +\w'int selabel_lookup_raw('u
|
|
|
8e8fca8 |
.BI "security_context_t *" context ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "const char *" key ", int " type ");"
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_open.3 libselinux-2.0.24/man/man3/selabel_open.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/selabel_open.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/selabel_open.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,13 +6,13 @@
|
|
|
8e8fca8 |
selabel_open, selabel_close \- userspace SELinux labeling interface.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/label.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "struct selabel_handle *selabel_open(int " backend ,
|
|
|
8e8fca8 |
.in +\w'struct selabel_handle *selabel_open('u
|
|
|
8e8fca8 |
.BI "struct selinux_opt *" options ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "unsigned " nopt ");"
|
|
|
8e8fca8 |
.in
|
|
|
8e8fca8 |
.sp
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selabel_stats.3 libselinux-2.0.24/man/man3/selabel_stats.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/selabel_stats.3 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/selabel_stats.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,7 +6,7 @@
|
|
|
8e8fca8 |
selabel_stats \- obtain SELinux labeling statistics.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/label.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "void selabel_lookup(struct selabel_handle *" hnd ");"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-2.0.24/man/man3/selinux_binary_policy_path.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/selinux_binary_policy_path.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/selinux_binary_policy_path.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -10,27 +10,27 @@
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_policy_root(void);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_binary_policy_path(void);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_failsafe_context_path(void);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_removable_context_path(void);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_default_context_path(void);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_user_contexts_path(void);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_file_context_path(void);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_media_context_path(void);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_securetty_types_path(void);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_contexts_path(void);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
extern const char *selinux_booleans_path(void);
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_getenforcemode.3 libselinux-2.0.24/man/man3/selinux_getenforcemode.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/selinux_getenforcemode.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/selinux_getenforcemode.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -5,13 +5,13 @@
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.B int selinux_getenforcemode(int *enforce);
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
8e8fca8 |
.B selinux_getenforcemode
|
|
|
8e8fca8 |
Reads the contents of the /etc/selinux/config file to determine how the
|
|
|
8e8fca8 |
system was setup to run SELinux.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
|
|
|
8e8fca8 |
Sets the value of enforce to 0 if SELinux should be run in permissive mode.
|
|
|
8e8fca8 |
Sets the value of enforce to -1 if SELinux should be disabled.
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_policy_root.3 libselinux-2.0.24/man/man3/selinux_policy_root.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/selinux_policy_root.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/selinux_policy_root.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -5,7 +5,7 @@
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.B char *selinux_policy_root();
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
8e8fca8 |
.B selinux_policy_root
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_set_callback.3 libselinux-2.0.24/man/man3/selinux_set_callback.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/selinux_set_callback.3 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/selinux_set_callback.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -39,11 +39,11 @@
|
|
|
8e8fca8 |
argument indicates the type of message and will be set to one of the following:
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.B SELINUX_ERROR
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B SELINUX_WARNING
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B SELINUX_INFO
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B SELINUX_AVC
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.TP
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setfilecon.3 libselinux-2.0.24/man/man3/setfilecon.3
|
|
|
aebde75 |
--- nsalibselinux/man/man3/setfilecon.3 2007-07-16 14:20:47.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man3/setfilecon.3 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,9 +6,9 @@
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int setfilecon(const char *" path ", security_context_t "con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int lsetfilecon(const char *" path ", security_context_t "con );
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "int fsetfilecon(int "fd ", security_context_t "con );
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_file.5 libselinux-2.0.24/man/man5/selabel_file.5
|
|
|
aebde75 |
--- nsalibselinux/man/man5/selabel_file.5 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man5/selabel_file.5 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,13 +6,13 @@
|
|
|
8e8fca8 |
selabel_file \- userspace SELinux labeling interface: file contexts backend.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/label.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int selabel_lookup(struct selabel_handle *" hnd ,
|
|
|
8e8fca8 |
.in +\w'int selabel_lookup('u
|
|
|
8e8fca8 |
.BI "security_context_t *" context ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "const char *" path ", int " mode ");"
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_media.5 libselinux-2.0.24/man/man5/selabel_media.5
|
|
|
aebde75 |
--- nsalibselinux/man/man5/selabel_media.5 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man5/selabel_media.5 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,13 +6,13 @@
|
|
|
8e8fca8 |
selabel_media \- userspace SELinux labeling interface: media contexts backend.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/label.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int selabel_lookup(struct selabel_handle *" hnd ,
|
|
|
8e8fca8 |
.in +\w'int selabel_lookup('u
|
|
|
8e8fca8 |
.BI "security_context_t *" context ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "const char *" device_name ", int " unused ");"
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man5/selabel_x.5 libselinux-2.0.24/man/man5/selabel_x.5
|
|
|
aebde75 |
--- nsalibselinux/man/man5/selabel_x.5 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man5/selabel_x.5 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -6,13 +6,13 @@
|
|
|
8e8fca8 |
selabel_x \- userspace SELinux labeling interface: X Window System contexts backend.
|
|
|
8e8fca8 |
.SH "SYNOPSIS"
|
|
|
8e8fca8 |
.B #include <selinux/selinux.h>
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B #include <selinux/label.h>
|
|
|
8e8fca8 |
.sp
|
|
|
8e8fca8 |
.BI "int selabel_lookup(struct selabel_handle *" hnd ,
|
|
|
8e8fca8 |
.in +\w'int selabel_lookup('u
|
|
|
8e8fca8 |
.BI "security_context_t *" context ,
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.BI "const char *" object_name ", int " object_type ");"
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH "DESCRIPTION"
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/matchpathcon.8 libselinux-2.0.24/man/man8/matchpathcon.8
|
|
|
aebde75 |
--- nsalibselinux/man/man8/matchpathcon.8 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man8/matchpathcon.8 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -10,16 +10,16 @@
|
|
|
8e8fca8 |
.SH OPTIONS
|
|
|
8e8fca8 |
.B \-n
|
|
|
8e8fca8 |
Do not display path.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B \-N
|
|
|
8e8fca8 |
Do not use translations.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B \-f file_context_file
|
|
|
8e8fca8 |
Use alternate file_context file
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B \-p prefix
|
|
|
8e8fca8 |
Use prefix to speed translations
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
.B \-V
|
|
|
8e8fca8 |
Verify file context on disk matches defaults
|
|
|
8e8fca8 |
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinux.8 libselinux-2.0.24/man/man8/selinux.8
|
|
|
aebde75 |
--- nsalibselinux/man/man8/selinux.8 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/man/man8/selinux.8 2007-07-23 10:21:34.000000000 -0400
|
|
|
8e8fca8 |
@@ -62,14 +62,13 @@
|
|
|
8e8fca8 |
.B system-config-securitylevel
|
|
|
8e8fca8 |
allows customization of these booleans and tunables.
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH FILE LABELING
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
|
|
|
8e8fca8 |
Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
|
|
|
8e8fca8 |
-.br
|
|
|
8e8fca8 |
+
|
|
|
8e8fca8 |
The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
|
|
|
8e8fca8 |
|
|
|
8e8fca8 |
.SH AUTHOR
|
|
|
aebde75 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.24/src/matchpathcon.c
|
|
|
aebde75 |
--- nsalibselinux/src/matchpathcon.c 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/src/matchpathcon.c 2007-07-23 10:21:34.000000000 -0400
|
|
|
aebde75 |
@@ -65,7 +65,7 @@
|
|
|
aebde75 |
#ifdef __GNUC__
|
|
|
aebde75 |
__attribute__ ((format(printf, 1, 2)))
|
|
|
aebde75 |
#endif
|
|
|
aebde75 |
- (*myprintf) (const char *fmt,...);
|
|
|
aebde75 |
+ (*myprintf) (const char *fmt,...) = &default_printf;
|
|
|
aebde75 |
|
|
|
aebde75 |
void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
|
|
|
aebde75 |
{
|
|
|
44ef5d5 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/stringrep.c libselinux-2.0.24/src/stringrep.c
|
|
|
44ef5d5 |
--- nsalibselinux/src/stringrep.c 2007-07-16 14:20:46.000000000 -0400
|
|
|
44ef5d5 |
+++ libselinux-2.0.24/src/stringrep.c 2007-07-23 10:21:54.000000000 -0400
|
|
|
44ef5d5 |
@@ -236,7 +236,7 @@
|
|
|
44ef5d5 |
|
|
|
44ef5d5 |
dentry = readdir(dir);
|
|
|
44ef5d5 |
while (dentry != NULL) {
|
|
|
44ef5d5 |
- size_t value;
|
|
|
44ef5d5 |
+ unsigned int value;
|
|
|
44ef5d5 |
struct stat m;
|
|
|
44ef5d5 |
|
|
|
44ef5d5 |
snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
|
|
|
44ef5d5 |
@@ -258,7 +258,7 @@
|
|
|
44ef5d5 |
if (ret < 0)
|
|
|
44ef5d5 |
goto err4;
|
|
|
44ef5d5 |
|
|
|
44ef5d5 |
- if (sscanf(buf, "%u", (unsigned int *)&value) != 1)
|
|
|
44ef5d5 |
+ if (sscanf(buf, "%u", &value) != 1)
|
|
|
44ef5d5 |
goto err4;
|
|
|
44ef5d5 |
|
|
|
44ef5d5 |
node->perms[value-1] = strdup(dentry->d_name);
|