--- libselinux-1.19.1/include/selinux/selinux.h.rhat 2004-11-09 09:14:24.000000000 -0500
+++ libselinux-1.19.1/include/selinux/selinux.h 2004-11-19 11:21:37.514236820 -0500
@@ -176,7 +176,7 @@
/* Match the specified media and against the media contexts
configuration and set *con to refer to the resulting context.
Caller must free con via freecon. */
-extern int matchmediacon(const char *path,
+extern int matchmediacon(const char *media,
security_context_t *con);
/*
--- libselinux-1.19.1/utils/setsebool.c.rhat 2004-11-09 09:14:24.000000000 -0500
+++ libselinux-1.19.1/utils/setsebool.c 2004-11-19 11:21:37.560231630 -0500
@@ -35,6 +35,8 @@
if (strcmp(argv[1], "-P") == 0) {
permanent = 1;
+ if (argc < 3)
+ usage();
start = 2;
}
else
--- libselinux-1.19.1/utils/getsebool.c.rhat 2004-11-09 09:14:24.000000000 -0500
+++ libselinux-1.19.1/utils/getsebool.c 2004-11-19 11:21:37.559231743 -0500
@@ -83,8 +83,14 @@
rc = -1;
goto out;
}
- printf("%s --> active: %d pending: %d\n", names[i],
- active, pending);
+ if (pending != active) {
+ printf("%s --> %s pending: %s\n", names[i],
+ ( active ? "active" : "inactive"),
+ ( pending ? "active" : "inactive"));
+ } else {
+ printf("%s --> %s\n", names[i],
+ ( active ? "active" : "inactive"));
+ }
}
out:
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/utils/avcstat.c 2004-11-19 11:21:37.558231856 -0500
@@ -0,0 +1,224 @@
+/*
+ * avcstat - Display SELinux avc statistics.
+ *
+ * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <libgen.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#include <linux/limits.h>
+
+#define DEF_STAT_FILE "/avc/cache_stats"
+#define DEF_BUF_SIZE 8192
+#define HEADERS "lookups hits misses allocations reclaims frees"
+
+struct avc_cache_stats {
+ unsigned int lookups;
+ unsigned int hits;
+ unsigned int misses;
+ unsigned int allocations;
+ unsigned int reclaims;
+ unsigned int frees;
+};
+
+static int interval;
+static int rows;
+static char *progname;
+static char buf[DEF_BUF_SIZE];
+
+/* selinuxfs mount point */
+extern char *selinux_mnt;
+
+
+static void die(const char *msg, ...)
+{
+ va_list args;
+
+ fputs("ERROR: ", stderr);
+
+ va_start(args, msg);
+ vfprintf(stderr, msg, args);
+ va_end(args);
+
+ if (errno)
+ fprintf(stderr, ": %s", strerror(errno));
+
+ fputc('\n', stderr);
+ exit(1);
+}
+
+static void usage(void)
+{
+ printf("\nUsage: %s [-c] [-f status_file] [interval]\n\n", progname);
+ printf("Display SELinux AVC statistics. If the interval parameter is specified, the\n");
+ printf("program will loop, displaying updated statistics every \'interval\' seconds.\n");
+ printf("Relative values are displayed by default. Use the -c option to specify the\n");
+ printf("display of cumulative values. The -f option specifies the location of the\n");
+ printf("AVC statistics file, defaulting to \'%s\%s\'.\n\n", selinux_mnt, DEF_STAT_FILE);
+}
+
+static void set_window_rows(void)
+{
+ int ret;
+ struct winsize ws;
+
+ ret = ioctl(fileno(stdout), TIOCGWINSZ, &ws);
+ if (ret < 0 || ws.ws_row < 3)
+ ws.ws_row = 24;
+ rows = ws.ws_row;
+}
+
+static void sighandler(int num)
+{
+ if (num == SIGWINCH)
+ set_window_rows();
+}
+
+int main(int argc, char **argv)
+{
+ int fd, i, cumulative = 0;
+ struct sigaction sa;
+ char avcstatfile[PATH_MAX];
+ snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt, DEF_STAT_FILE);
+ progname = basename(argv[0]);
+
+ while((i = getopt(argc, argv, "cf:h?-")) != -1) {
+ switch (i) {
+ case 'c':
+ cumulative = 1;
+ break;
+ case 'f':
+ strncpy(avcstatfile, optarg, sizeof avcstatfile);
+ break;
+ case 'h':
+ case '-':
+ usage();
+ exit(0);
+ default:
+ usage();
+ die("unrecognized parameter", i);
+ }
+ }
+
+ if (optind < argc) {
+ char *arg = argv[optind];
+ unsigned int n = strtoul(arg, NULL, 10);
+
+ if (errno == ERANGE) {
+ usage();
+ die("invalid interval \'%s\'", arg);
+ }
+ if (n == 0) {
+ usage();
+ exit (0);
+ }
+ interval = n;
+ }
+
+ sa.sa_handler = sighandler;
+ sa.sa_flags = SA_RESTART;
+
+ i = sigaction(SIGWINCH, &sa, NULL);
+ if (i < 0)
+ die("sigaction");
+
+ set_window_rows();
+ fd = open(avcstatfile, O_RDONLY);
+ if (fd < 0)
+ die("open: \'%s\'", avcstatfile);
+
+ for (i = 0;; i++) {
+ char *line;
+ ssize_t ret, parsed = 0;
+ struct avc_cache_stats tot, rel, last;
+
+ memset(buf, 0, DEF_BUF_SIZE);
+ ret = read(fd, buf, DEF_BUF_SIZE);
+ if (ret < 0)
+ die("read");
+
+ if (ret == 0)
+ die("read: \'%s\': unexpected end of file", avcstatfile);
+
+ line = strtok(buf, "\n");
+ if (!line)
+ die("unable to parse \'%s\': end of line not found", avcstatfile);
+
+ if (strcmp(line, HEADERS))
+ die("unable to parse \'%s\': invalid headers", avcstatfile);
+
+ if (!i || !(i % (rows - 2)))
+ printf("%10s %10s %10s %10s %10s %10s\n", "lookups",
+ "hits", "misses", "allocs", "reclaims", "frees");
+
+ memset(&tot, 0, sizeof(tot));
+
+ while ((line = strtok(NULL, "\n"))) {
+ struct avc_cache_stats tmp;
+
+ ret = sscanf(line, "%u %u %u %u %u %u",
+ &tmp.lookups,
+ &tmp.hits,
+ &tmp.misses,
+ &tmp.allocations,
+ &tmp.reclaims,
+ &tmp.frees);
+ if (ret != 6)
+ die("unable to parse \'%s\': scan error", avcstatfile);
+
+ tot.lookups += tmp.lookups;
+ tot.hits += tmp.hits;
+ tot.misses += tmp.misses;
+ tot.allocations += tmp.allocations;
+ tot.reclaims += tmp.reclaims;
+ tot.frees += tmp.frees;
+ parsed = 1;
+ }
+
+ if (!parsed)
+ die("unable to parse \'%s\': no data", avcstatfile);
+
+ if (cumulative || (!cumulative && !i))
+ printf("%10u %10u %10u %10u %10u %10u\n",
+ tot.lookups, tot.hits, tot.misses,
+ tot.allocations, tot.reclaims, tot.frees);
+ else {
+ rel.lookups = tot.lookups - last.lookups;
+ rel.hits = tot.hits - last.hits;
+ rel.misses = tot.misses - last.misses;
+ rel.allocations = tot.allocations - last.allocations;
+ rel.reclaims = tot.reclaims - last.reclaims;
+ rel.frees = tot.frees - last.frees;
+ printf("%10u %10u %10u %10u %10u %10u\n",
+ rel.lookups, rel.hits, rel.misses,
+ rel.allocations, rel.reclaims, rel.frees);
+ }
+
+ if (!interval)
+ break;
+
+ memcpy(&last, &tot, sizeof(last));
+ sleep(interval);
+
+ ret = lseek(fd, 0, 0);
+ if (ret < 0)
+ die("lseek");
+ }
+
+ close(fd);
+ return 0;
+}
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/rpm_execcon.3 2004-11-19 11:21:37.534234563 -0500
@@ -0,0 +1 @@
+.so man3/getexeccon.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_media_context_path.3 2004-11-19 11:21:37.551232645 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_user_get.3 2004-11-19 11:21:37.524235691 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
--- libselinux-1.19.1/man/man3/getcon.3.rhat 2004-11-09 09:14:24.000000000 -0500
+++ libselinux-1.19.1/man/man3/getcon.3 2004-11-19 11:21:37.526235466 -0500
@@ -8,7 +8,9 @@
.br
.BI "int getprevcon(security_context_t *" context );
.br
-.BI "int getpidcon(pid_t pid, security_context_t *" context );
+.BI "int getpidcon(pid_t " pid ", security_context_t *" context );
+.br
+.BI "int getpeercon(int " fd ", security_context_t *" context);
.SH "DESCRIPTION"
.B getcon
@@ -21,6 +23,9 @@
.B getpidcon
returns the process context for the specified PID.
+.B getpeercon
+retrieves context of peer socket, and set *context to refer to it, which must be free'd with freecon.
+
.SH "RETURN VALUE"
On error -1 is returned. On success 0 is returned.
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_user_set.3 2004-11-19 11:21:37.525235579 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/getpeercon.3 2004-11-19 11:21:37.530235014 -0500
@@ -0,0 +1 @@
+.so man3/getcon.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_type_set.3 2004-11-19 11:21:37.523235804 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
--- libselinux-1.19.1/man/man3/get_ordered_context_list.3.rhat 2004-11-09 09:14:24.000000000 -0500
+++ libselinux-1.19.1/man/man3/get_ordered_context_list.3 2004-11-19 11:29:45.211209677 -0500
@@ -1,6 +1,6 @@
.TH "get_ordered_context_list" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation"
.SH "NAME"
-get_ordered_context_list, get_default_context, query_user_context \- determine context(s) for user login sessions
+get_ordered_context_list, get_default_context, get_default_context_with_role, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user login sessions
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
@@ -11,10 +11,13 @@
.sp
.BI "int get_default_context(const char *" user ", security_context_t "fromcon ", security_context_t *" newcon );
.sp
+.BI "int get_default_context_with_role(const char* " user ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon ");
+.sp
.BI "int query_user_context(security_context_t *" list ", security_context_t *" newcon );
.sp
.BI "int manual_user_enter_context(const char *" user ", security_context_t *" newcon );
-
+.sp
+.BI "int get_default_type(const char *" role ", char **" type );
.SH "DESCRIPTION"
.B get_ordered_context_list
@@ -31,14 +34,26 @@
is the same as get_ordered_context_list but only returns a single context
which has to be freed with freecon.
+.B get_default_context_with_role
+Given a list of authorized security contexts for the user, query the user to select one and set *newcon to refer to it, which has to be freed with freecon.
+
+NOTE get_default_context_with_role is the same as get_default_context
+except that it only returns a context with the specified role, returning
+-1 if no such context is reachable for that user.
+
.B query_user_context
takes a list of contexts, queries the user via stdin/stdout as to which context
they want, and returns a new context as selected by the user (which has to be
freed with freecon).
.B manual_user_enter_context
-allows the user to manually enter a context as a fallback if a list of
-authorized contexts could not be obtained. Caller must free via freecon.
+allows the user to manually enter a context as a fallback if a list of authorized contexts could not be obtained. Caller must free via freecon.
+
+.B get_default_type
+Get the default type (domain) for 'role' and set 'type' to refer to it, which has to be freed with free.
+
+.B get_default_context_with_role
+Given a list of authorized security contexts for the user, query the user to select one and set *newcon to refer to it, which has to be freed with freecon.
.SH "RETURN VALUE"
0 for success and on error -1 is returned.
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_free.3 2004-11-19 11:21:37.515236707 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
--- libselinux-1.19.1/man/man3/getexeccon.3.rhat 2004-11-09 09:14:24.000000000 -0500
+++ libselinux-1.19.1/man/man3/getexeccon.3 2004-11-19 11:21:37.528235240 -0500
@@ -8,6 +8,8 @@
.BI "int getexeccon(security_context_t *" context );
.br
.BI "int setexeccon(security_context_t "context );
+.br
+.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
.SH "DESCRIPTION"
.B getexeccon
@@ -31,6 +33,11 @@
Note: Signal handlers that perform an execve must take care to
save, reset, and restore the exec context to avoid unexpected behaviors.
+.br
+
+.B rpm_execcon
+Execute a helper for rpm in an appropriate security context.
+
.SH "RETURN VALUE"
On error -1 is returned.
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_range_set.3 2004-11-19 11:21:37.519236255 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/security_commit_booleans.3 2004-11-19 11:21:37.535234450 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/security_set_boolean.3 2004-11-19 11:21:37.542233661 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_failsafe_context_path.3 2004-11-19 11:21:37.549232871 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/security_get_boolean_pending.3 2004-11-19 11:21:37.540233886 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_role_set.3 2004-11-19 11:21:37.521236030 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_range_get.3 2004-11-19 11:21:37.518236368 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_role_get.3 2004-11-19 11:21:37.520236143 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/security_get_boolean_active.3 2004-11-19 11:21:37.537234225 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_removable_context_path.3 2004-11-19 11:21:37.552232532 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/set_matchpathcon_printf.3 2004-11-19 11:21:37.555232194 -0500
@@ -0,0 +1 @@
+.so man3/matchpathcon.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_new.3 2004-11-19 11:23:54.697758320 -0500
@@ -0,0 +1,56 @@
+.TH "context_new" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+context_new, context_str, context_free, context_type_get, context_type_set, context_range_get, context_range_set,context_role_get, context_role_set, context_user_get, context_user_set \- Routines to manipulate SELinux security contexts
+
+.SH "SYNOPSIS"
+.B #include <selinux/context.h>
+.br
+.B "context_t context_new(const char *" context_str );
+.br
+.B "const char * context_str(context_t " con );
+.br
+.B "void context_free(context_t " con );
+.br
+.B "const char * context_type_get(context_t " con );
+.br
+.B "const char * context_range_get(context_t " con );
+.br
+.B "const char * context_role_get(context_t " con );
+.br
+.B "const char * context_user_get(context_t " con );
+.br
+.B "const char * context_type_set(context_t " con ", const char* " type);
+.br
+.B "const char * context_range_set(context_t " con ", const char* " range);
+.br
+.B "const char * context_role_set(context_t " con ", const char* " role );
+.br
+.B "const char * context_user_set(context_t " con ", const char* " user );
+
+.SH "DESCRIPTION"
+ Functions to deal with security contexts in user space.
+
+context_new
+ Return a new context initialized to a context string
+
+context_str
+Return a pointer to the string value of the context_t
+Valid until the next call to context_str or context_free
+for the same context_t*
+
+context_free
+Free the storage used by a context
+
+context_type_get, context_range_get, context_role_get, context_user_get
+Get a pointer to the string value of a context component
+
+NOTE: Values returned by the get functions are only valid until the next call
+to a set function or context_free() for the same context_t structure.
+
+context_type_set, context_range_set, context_role_set, context_user_set
+Set a context component
+
+.SH "RETURN VALUE"
+On success, zero is returned. On failure, -1 is returned and errno is
+set appropriately.
+
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/context_type_get.3 2004-11-19 11:21:37.522235917 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/security_get_boolean_names.3 2004-11-19 11:21:37.539233999 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_booleans_path.3 2004-11-19 11:21:37.545233322 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/checkPasswdAccess.3 2004-11-19 11:21:37.514236820 -0500
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
--- libselinux-1.19.1/man/man3/security_compute_av.3.rhat 2004-11-09 09:14:24.000000000 -0500
+++ libselinux-1.19.1/man/man3/security_compute_av.3 2004-11-19 11:32:59.943237946 -0500
@@ -15,6 +15,8 @@
.BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
.sp
.BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con );
+.sp
+.BI "int checkPasswdAccess(access_vector_t " requested );
.SH "DESCRIPTION"
.B security_compute_av
@@ -42,6 +44,9 @@
source context. Is mainly used by
.B get_ordered_context_list.
+.B checkPasswdAccess
+This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts.
+
.SH "RETURN VALUE"
0 for success and on error -1 is returned.
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_binary_policy_path.3 2004-11-19 11:21:37.544233435 -0500
@@ -0,0 +1,75 @@
+.TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+.SH "NAME"
+selinux_binary_policy_path,selinux_failsafe_context_path,selinux_removable_context_path,selinux_default_context_path, selinux_user_contexts_path, selinux_file_context_path, selinux_media_context_path, selinux_contexts_path, selinux_booleans_path
+.sp
+These functions return the paths to specific files under the
+ policy root directory.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.br
+extern const char *selinux_binary_policy_path(void);
+.br
+extern const char *selinux_failsafe_context_path(void);
+.br
+extern const char *selinux_removable_context_path(void);
+.br
+extern const char *selinux_default_context_path(void);
+.br
+extern const char *selinux_user_contexts_path(void);
+.br
+extern const char *selinux_file_context_path(void);
+.br
+extern const char *selinux_media_context_path(void);
+.br
+extern const char *selinux_contexts_path(void);
+.br
+extern const char *selinux_booleans_path(void);
+
+
+.SH "DESCRIPTION"
+
+These functions return the paths to specific files under the
+ policy root directory.
+
+.br
+selinux_binary_policy_path
+.br
+Default Binary Policy
+.sp
+selinux_failsafe_context_path
+.br
+Default failsafe context file
+.sp
+selinux_removable_context_path
+.br
+Default removeable context file
+.sp
+selinux_default_context_path
+.br
+Default context used by login programs and daemons that assume user roles.
+.sp
+selinux_user_contexts_path
+.br
+Default user context file; used by login programs for default login context
+.sp
+selinux_file_context_path
+.br
+Default file context file used restorecon
+.sp
+selinux_media_context_path
+.br
+Default media context file use to set contexts on media devices (cdrom, floppies)
+.sp
+selinux_contexts_path
+.br
+Parent directory of context files
+.sp
+selinux_booleans_path
+.br
+Boolean file path, used by boolean manipulation tools
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_contexts_path.3 2004-11-19 11:21:37.546233209 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_file_context_path.3 2004-11-19 11:21:37.550232758 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/matchmediacon.3 2004-11-19 11:32:02.685698348 -0500
@@ -0,0 +1,26 @@
+.TH "matchmediacon" "3" "15 November 2004" "dwalsh@redhat.com" "SE Linux API documentation"
+.SH "NAME"
+matchmediacon \- get the default security context for the specified mediatype from the policy.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int matchmediacon(const char *" media ", security_context_t *" con);"
+.br
+
+.SH "DESCRIPTION"
+.br
+.B matchmediacon
+matches the specified media type with the media contexts configuration and sets the security context "con" to refer to the resulting context.
+.sp
+.br
+.B Note:
+ Caller must free returned security context "con" using freecon.
+.SH "RETURN VALUE"
+Returns 0 on success or -1 otherwise.
+
+.SH Files
+/etc/selinux/POLICYTYPE/contexts/files/media
+
+.SH "SEE ALSO"
+.BR freecon "(3)
--- libselinux-1.19.1/man/man3/matchpathcon.3.rhat 2004-11-09 09:14:24.000000000 -0500
+++ libselinux-1.19.1/man/man3/matchpathcon.3 2004-11-19 11:21:37.533234676 -0500
@@ -5,17 +5,22 @@
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
-.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);"
+.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);
.br
+.BI "void set_matchpathcon_printf(void (*f)(const char *fmt, ...));"
.SH "DESCRIPTION"
.br
.B matchpathcon
matches the specified pathname and mode against the file contexts configuration and sets the security context "con" to refer to the resulting context. "mode" can be 0 to disable mode matching, but should be provided whenever possible, as it may affect the matching.
-.sp
-.br
.B Note:
Caller must free returned security context "con" using freecon.
+
+.B set_matchpathcon_printf
+
+Set the function used by matchpathcon when displaying errors about the file_contexts configuration. If not set, then this defaults to fprintf(stderr, fmt, ...).
+.sp
+.br
.SH "RETURN VALUE"
Returns 0 on success or -1 otherwise.
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/security_load_booleans.3 2004-11-19 11:35:47.204365772 -0500
@@ -0,0 +1,61 @@
+.TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+.SH "NAME"
+security_load_booleans, security_set_boolean, security_commit_booleans,
+security_get_boolean_names, security_get_boolean_active, security_get_boolean_pending
+.sp
+routines for manipulating SELinux boolean values
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+extern int security_load_booleans(char *path);
+.br
+extern int security_get_boolean_names(char ***names, int *len);
+.br
+extern int security_get_boolean_pending(const char *name);
+.br
+extern int security_get_boolean_active(const char *name);
+.br
+extern int security_set_boolean(const char *name, int value);
+.br
+extern int security_commit_booleans(void);
+
+
+.SH "DESCRIPTION"
+
+The SELinux policy can include conditional rules that are enabled or
+disabled based on the current values of a set of policy booleans.
+These policy booleans allow runtime modification of the security
+policy without having to load a new policy.
+
+The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once.
+
+security_load_booleans
+.br
+Load policy boolean settings. Path may be NULL, in which case the booleans are loaded from the active policy boolean configuration file.
+
+security_get_boolean_names
+.br
+Returns a list of boolean names, currently supported by the loaded policy.
+
+security_set_boolean
+.br
+Sets the pending value for boolean
+
+security_get_boolean_pending
+.br
+Return pending value for boolean
+
+security_get_boolean_active
+.br
+Return active value for boolean
+
+security_commit_booleans
+.br
+Commit all pending values for the booleans.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+getsebool(8), booleans(8), togglesebool(8)
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_default_context_path.3 2004-11-19 11:21:37.547233097 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/get_default_context_with_role.3 2004-11-19 11:21:37.527235353 -0500
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man3/selinux_user_contexts_path.3 2004-11-19 11:21:37.554232307 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
--- libselinux-1.19.1/man/man8/getsebool.8.rhat 2004-11-09 09:14:24.000000000 -0500
+++ libselinux-1.19.1/man/man8/getsebool.8 2004-11-19 11:21:37.557231968 -0500
@@ -8,13 +8,12 @@
.SH "DESCRIPTION"
.B getsebool
-reports the current state of either a particular SELinux boolean or
-all SELinux booleans. The state consists of two values, the active
-value and the pending value. The active value indicates the value
-that is presently applied to the policy. The pending value indicates
+reports where a particular SELinux boolean or
+all SELinux booleans are active or inactive.
+In certain situations a boolean can be in one state with a pending
+change to the other state. getsebool will report this as a pending change.
+The pending value indicates
the value that will be applied upon the next boolean commit.
-Typically, these values will be the same; they only differ when in the
-middle of a boolean change transaction.
The setting of boolean values occurs in two stages; first the pending
value is changed, then the booleans are committed, causing their
--- /dev/null 2004-11-19 04:10:22.696886456 -0500
+++ libselinux-1.19.1/man/man8/avcstat.8 2004-11-19 11:21:37.556232081 -0500
@@ -0,0 +1,28 @@
+.TH "avcstat" "8" "18 Nov 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+avcstat \- Display SELinux AVC statistics
+
+.SH "SYNOPSIS"
+.B avcstat
+.I [-c] [-f status_file] [interval]
+
+.SH "DESCRIPTION"
+.B avcstat
+
+Display SELinux AVC statistics. If the interval parameter is specified, the
+program will loop, displaying updated statistics every 'interval' seconds.
+Relative values are displayed by default.
+
+.SH OPTIONS
+.TP
+.B \-c
+Display the cumulative values.
+
+.TP
+.B \-f
+Specifies the location of the AVC statistics file, defaulting to '/selinux/avc/cache_stats'.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by James Morris <jmorris@redhat.com>.
+