|
|
0e009d1 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-2.0.71/man/man3/matchpathcon.3
|
|
|
0e009d1 |
--- nsalibselinux/man/man3/matchpathcon.3 2008-08-28 09:34:24.000000000 -0400
|
|
|
dd2e2b5 |
+++ libselinux-2.0.71/man/man3/matchpathcon.3 2008-09-26 10:21:43.000000000 -0400
|
|
|
0e009d1 |
@@ -18,6 +18,11 @@
|
|
|
0e009d1 |
|
|
|
0e009d1 |
.BI "void set_matchpathcon_flags(unsigned int " flags ");"
|
|
|
0e009d1 |
|
|
|
0e009d1 |
+.BI "int selinux_file_context_cmp(const security_context_t a,
|
|
|
0e009d1 |
+ const security_context_t b);"
|
|
|
0e009d1 |
+
|
|
|
0e009d1 |
+.BI "int selinux_file_context_verify(const char *path, mode_t mode);"
|
|
|
0e009d1 |
+
|
|
|
0e009d1 |
.SH "DESCRIPTION"
|
|
|
0e009d1 |
.B matchpathcon_init
|
|
|
0e009d1 |
loads the file contexts configuration specified by
|
|
|
0e009d1 |
@@ -111,6 +116,12 @@
|
|
|
0e009d1 |
.B MATCHPATHCON_BASEONLY
|
|
|
0e009d1 |
flag is set, then only the base file contexts configuration file
|
|
|
0e009d1 |
will be processed, not any dynamically generated entries or local customizations.
|
|
|
0e009d1 |
+.sp
|
|
|
0e009d1 |
+.B selinux_file_context_cmp
|
|
|
0e009d1 |
+compares two file contexts to see if their differences are "significant", the function runs the strcmp function ignoring the user componant of the file context.
|
|
|
0e009d1 |
+.sp
|
|
|
0e009d1 |
+.B selinux_file_context_verify
|
|
|
0e009d1 |
+compares the file context on disk to the system default.
|
|
|
0e009d1 |
|
|
|
0e009d1 |
.sp
|
|
|
0e009d1 |
.SH "RETURN VALUE"
|
|
|
0e009d1 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_cmp.3 libselinux-2.0.71/man/man3/selinux_file_context_cmp.3
|
|
|
0e009d1 |
--- nsalibselinux/man/man3/selinux_file_context_cmp.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
dd2e2b5 |
+++ libselinux-2.0.71/man/man3/selinux_file_context_cmp.3 2008-09-26 10:21:43.000000000 -0400
|
|
|
0e009d1 |
@@ -0,0 +1 @@
|
|
|
0e009d1 |
+.so man3/matchpathcon.3
|
|
|
0e009d1 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_verify.3 libselinux-2.0.71/man/man3/selinux_file_context_verify.3
|
|
|
0e009d1 |
--- nsalibselinux/man/man3/selinux_file_context_verify.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
dd2e2b5 |
+++ libselinux-2.0.71/man/man3/selinux_file_context_verify.3 2008-09-26 10:21:43.000000000 -0400
|
|
|
0e009d1 |
@@ -0,0 +1 @@
|
|
|
0e009d1 |
+.so man3/matchpathcon.3
|
|
|
b345116 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.71/man/man8/selinuxconlist.8
|
|
|
6137b9c |
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
|
|
|
dd2e2b5 |
+++ libselinux-2.0.71/man/man8/selinuxconlist.8 2008-09-26 10:21:43.000000000 -0400
|
|
|
6137b9c |
@@ -0,0 +1,18 @@
|
|
|
6137b9c |
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
6137b9c |
+.SH "NAME"
|
|
|
6137b9c |
+selinuxconlist \- list all SELinux context reachable for user
|
|
|
6137b9c |
+.SH "SYNOPSIS"
|
|
|
6137b9c |
+.B selinuxconlist [-l level] user [context]
|
|
|
6137b9c |
+
|
|
|
6137b9c |
+.SH "DESCRIPTION"
|
|
|
6137b9c |
+.B selinuxconlist
|
|
|
6137b9c |
+reports the list of context reachable for user from the current context or specified context
|
|
|
6137b9c |
+
|
|
|
6137b9c |
+.B \-l level
|
|
|
6137b9c |
+mcs/mls level
|
|
|
6137b9c |
+
|
|
|
6137b9c |
+.SH AUTHOR
|
|
|
6137b9c |
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
6137b9c |
+
|
|
|
6137b9c |
+.SH "SEE ALSO"
|
|
|
6137b9c |
+secon(8), selinuxdefcon(8)
|
|
|
b345116 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.71/man/man8/selinuxdefcon.8
|
|
|
6137b9c |
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
|
|
|
dd2e2b5 |
+++ libselinux-2.0.71/man/man8/selinuxdefcon.8 2008-09-26 10:21:43.000000000 -0400
|
|
|
6137b9c |
@@ -0,0 +1,19 @@
|
|
|
6137b9c |
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
6137b9c |
+.SH "NAME"
|
|
|
6137b9c |
+selinuxdefcon \- list default SELinux context for user
|
|
|
6137b9c |
+
|
|
|
6137b9c |
+.SH "SYNOPSIS"
|
|
|
6137b9c |
+.B selinuxdefcon [-l level] user [fromcon]
|
|
|
6137b9c |
+
|
|
|
6137b9c |
+.SH "DESCRIPTION"
|
|
|
6137b9c |
+.B seconlist
|
|
|
6137b9c |
+reports the default context for the specified user from current context or specified context
|
|
|
6137b9c |
+
|
|
|
6137b9c |
+.B \-l level
|
|
|
6137b9c |
+mcs/mls level
|
|
|
6137b9c |
+
|
|
|
6137b9c |
+.SH AUTHOR
|
|
|
6137b9c |
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
6137b9c |
+
|
|
|
6137b9c |
+.SH "SEE ALSO"
|
|
|
6137b9c |
+secon(8), selinuxconlist(8)
|
|
|
b345116 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.71/src/callbacks.c
|
|
|
b345116 |
--- nsalibselinux/src/callbacks.c 2008-08-28 09:34:24.000000000 -0400
|
|
|
dd2e2b5 |
+++ libselinux-2.0.71/src/callbacks.c 2008-09-26 10:21:43.000000000 -0400
|
|
|
94f8e13 |
@@ -16,6 +16,7 @@
|
|
|
88ff8b4 |
{
|
|
|
94f8e13 |
int rc;
|
|
|
94f8e13 |
va_list ap;
|
|
|
94f8e13 |
+ if (is_selinux_enabled() == 0) return 0;
|
|
|
94f8e13 |
va_start(ap, fmt);
|
|
|
94f8e13 |
rc = vfprintf(stderr, fmt, ap);
|
|
|
94f8e13 |
va_end(ap);
|
|
|
b345116 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.71/src/matchpathcon.c
|
|
|
b345116 |
--- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
|
|
|
dd2e2b5 |
+++ libselinux-2.0.71/src/matchpathcon.c 2008-09-26 10:21:43.000000000 -0400
|
|
|
71cd138 |
@@ -2,6 +2,7 @@
|
|
|
71cd138 |
#include <string.h>
|
|
|
71cd138 |
#include <errno.h>
|
|
|
71cd138 |
#include <stdio.h>
|
|
|
71cd138 |
+#include <syslog.h>
|
|
|
71cd138 |
#include "selinux_internal.h"
|
|
|
71cd138 |
#include "label_internal.h"
|
|
|
71cd138 |
#include "callbacks.h"
|
|
|
0fa749d |
@@ -57,7 +58,7 @@
|
|
|
71cd138 |
{
|
|
|
71cd138 |
va_list ap;
|
|
|
71cd138 |
va_start(ap, fmt);
|
|
|
71cd138 |
- vfprintf(stderr, fmt, ap);
|
|
|
0fa749d |
+ vsyslog(LOG_ERR, fmt, ap);
|
|
|
71cd138 |
va_end(ap);
|
|
|
71cd138 |
}
|
|
|
71cd138 |
|
|
|
0e009d1 |
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.71/utils/matchpathcon.c
|
|
|
0e009d1 |
--- nsalibselinux/utils/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
|
|
|
dd2e2b5 |
+++ libselinux-2.0.71/utils/matchpathcon.c 2008-09-26 10:21:43.000000000 -0400
|
|
|
0e009d1 |
@@ -106,12 +106,12 @@
|
|
|
0e009d1 |
|
|
|
0e009d1 |
if (verify) {
|
|
|
0e009d1 |
if (quiet) {
|
|
|
0e009d1 |
- if (selinux_file_context_verify(argv[i], 0))
|
|
|
0e009d1 |
+ if (selinux_file_context_verify(argv[i], mode))
|
|
|
0e009d1 |
continue;
|
|
|
0e009d1 |
else
|
|
|
0e009d1 |
exit(1);
|
|
|
0e009d1 |
}
|
|
|
0e009d1 |
- if (selinux_file_context_verify(argv[i], 0)) {
|
|
|
0e009d1 |
+ if (selinux_file_context_verify(argv[i], mode)) {
|
|
|
0e009d1 |
printf("%s verified.\n", argv[i]);
|
|
|
0e009d1 |
} else {
|
|
|
0e009d1 |
security_context_t con;
|