From: <ew...@us...> - 2007-06-20 18:39:30
Revision: 2486 http://svn.sourceforge.net/selinux/?rev=2486&view=rev Author: ewalsh Date: 2007-06-20 11:39:27 -0700 (Wed, 20 Jun 2007) Log Message: ----------- Add man pages for new labeling and callback interfaces. Signed-off-by: Eamon Walsh <ew...@ty...> Modified Paths: -------------- trunk/libselinux/man/Makefile Added Paths: ----------- trunk/libselinux/man/man3/selabel_close.3 trunk/libselinux/man/man3/selabel_lookup.3 trunk/libselinux/man/man3/selabel_open.3 trunk/libselinux/man/man3/selabel_stats.3 trunk/libselinux/man/man3/selinux_set_callback.3 trunk/libselinux/man/man5/ trunk/libselinux/man/man5/selabel_file.5 trunk/libselinux/man/man5/selabel_media.5 trunk/libselinux/man/man5/selabel_x.5 Modified: trunk/libselinux/man/Makefile =================================================================== --- trunk/libselinux/man/Makefile 2007-06-20 18:35:39 UTC (rev 2485) +++ trunk/libselinux/man/Makefile 2007-06-20 18:39:27 UTC (rev 2486) @@ -1,10 +1,13 @@ # Installation directories. MAN8DIR ?= $(DESTDIR)/usr/share/man/man8 +MAN5DIR ?= $(DESTDIR)/usr/share/man/man5 MAN3DIR ?= $(DESTDIR)/usr/share/man/man3 install: mkdir -p $(MAN3DIR) + mkdir -p $(MAN5DIR) mkdir -p $(MAN8DIR) install -m 644 man3/*.3 $(MAN3DIR) + install -m 644 man5/*.5 $(MAN5DIR) install -m 644 man8/*.8 $(MAN8DIR) Added: trunk/libselinux/man/man3/selabel_close.3 =================================================================== --- trunk/libselinux/man/man3/selabel_close.3 (rev 0) +++ trunk/libselinux/man/man3/selabel_close.3 2007-06-20 18:39:27 UTC (rev 2486) @@ -0,0 +1 @@ +.so man3/selabel_open.3 Added: trunk/libselinux/man/man3/selabel_lookup.3 =================================================================== --- trunk/libselinux/man/man3/selabel_lookup.3 (rev 0) +++ trunk/libselinux/man/man3/selabel_lookup.3 2007-06-20 18:39:27 UTC (rev 2486) 
@@ -0,0 +1,78 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2007 +.TH "selabel_lookup" "3" "18 Jun 2007" "" "SELinux API documentation" +.SH "NAME" +selabel_lookup \- obtain SELinux security context from a string label. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.br +.B #include <selinux/label.h> +.sp +.BI "int selabel_lookup(struct selabel_handle *" hnd , +.in +\w'int selabel_lookup('u +.BI "security_context_t *" context , +.br +.BI "const char *" key ", int " type ");" +.in +.sp +.BI "int selabel_lookup_raw(struct selabel_handle *" hnd , +.in +\w'int selabel_lookup_raw('u +.BI "security_context_t *" context , +.br +.BI "const char *" key ", int " type ");" + +.SH "DESCRIPTION" +.B selabel_lookup +performs a lookup operation on the handle +.IR hnd , +returning the result in the memory pointed to by +.IR context , +which must be freed by the caller using +.BR freecon (3). +The +.I key +and +.I type +parameters are the inputs to the lookup operation and are interpreted according to the specific backend that +.I handle +is open on. + +.B selabel_lookup_raw +behaves identically to +.B selabel_lookup +but does not perform context translation. + +.SH "RETURN VALUE" +On success, zero is returned. On error, \-1 is returned and +.I errno +is set appropriately. + +.SH "ERRORS" +.TP +.B ENOENT +No context corresponding to the input +.I key +and +.I type +was found. +.TP +.B EINVAL +The +.I key +and/or +.I type +inputs are invalid, or the context being returned failed validation. +.TP +.B ENOMEM +An attempt to allocate memory failed. 
+ +.SH "AUTHOR" +Eamon Walsh <ew...@ty...> + +.SH "SEE ALSO" +.BR selabel_open (3), +.BR selabel_stats (3), +.BR selinux_set_callback (3), +.BR selinux (8) + Added: trunk/libselinux/man/man3/selabel_open.3 =================================================================== --- trunk/libselinux/man/man3/selabel_open.3 (rev 0) +++ trunk/libselinux/man/man3/selabel_open.3 2007-06-20 18:39:27 UTC (rev 2486) 
@@ -0,0 +1,98 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2007 +.TH "selabel_open" "3" "18 Jun 2007" "" "SELinux API documentation" +.SH "NAME" +selabel_open, selabel_close \- userspace SELinux labeling interface. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.br +.B #include <selinux/label.h> +.sp +.BI "struct selabel_handle *selabel_open(int " backend , +.in +\w'struct selabel_handle *selabel_open('u +.BI "struct selinux_opt *" options , +.br +.BI "unsigned " nopt ");" +.in +.sp +.BI "void selabel_close(struct selabel_handle *" hnd ");" + +.SH "DESCRIPTION" +.B selabel_open +is used to initialize a labeling handle to be used for lookup operations. The +.I backend +argument specifies which backend is to be opened; the list of current backends appears in +.B BACKENDS +below. + +The +.I options +argument should be NULL or a pointer to an array of +.B selinux_opt +structures of length +.IR nopt : + +.RS +.ta 4n 16n 24n +.nf +struct selinux_opt { + int type; + const char *value; +}; +.fi +.ta +.RE + +The available option types are described in +.B GLOBAL OPTIONS +below as well as in the documentation for each individual backend. The return value on success is a non-NULL value for use in subsequent label operations. + +.B selabel_close +terminates use of a handle, freeing any internal resources associated with it. After this call has been made, the handle must not be used again. + +.SH "GLOBAL OPTIONS" +Global options which may be passed to +.B selabel_open +include the following: + +.TP +.B SELABEL_OPT_UNUSED +The option with a type code of zero is a no-op. Thus an array of options may be initizalized to zero and any untouched elements will not cause an error. +.TP +.B SELABEL_OPT_VALIDATE +A non-null value for this option enables context validation. By default, +.BR security_check_context (3) +is used; a custom validation function can be provided via +.BR selinux_set_callback (3). 
+Note that an invalid context may not be treated as an error unless it is actually encountered during a lookup operation. + +.SH "BACKENDS" + +.TP +.B SELABEL_CTX_FILE +File contexts backend, described in +.BR selabel_file (3). +.TP +.B SELABEL_CTX_MEDIA +Media contexts backend, described in +.BR selabel_media (3). +.TP +.B SELABEL_CTX_X +X Windows contexts backend, described in +.BR selabel_x (3). + +.SH "RETURN VALUE" +A non-NULL handle value is returned on success. On error, NULL is returned and +.I errno +is set appropriately. + +.SH "AUTHOR" +Eamon Walsh <ew...@ty...> + +.SH "SEE ALSO" +.BR selabel_lookup (3), +.BR selabel_stats (3), +.BR selinux_set_callback (3), +.BR selinux (8) + Added: trunk/libselinux/man/man3/selabel_stats.3 =================================================================== --- trunk/libselinux/man/man3/selabel_stats.3 (rev 0) +++ trunk/libselinux/man/man3/selabel_stats.3 2007-06-20 18:39:27 UTC (rev 2486) 
@@ -0,0 +1,35 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2007 +.TH "selabel_stats" "3" "18 Jun 2007" "" "SELinux API documentation" +.SH "NAME" +selabel_stats \- obtain SELinux labeling statistics. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.br +.B #include <selinux/label.h> +.sp +.BI "void selabel_lookup(struct selabel_handle *" hnd ");" + +.SH "DESCRIPTION" +.B selabel_stats +causes zero or more messages to be printed containing backend-specific information about number of queries performed, number of unused entries, or other operational information. + +The messages are printed to standard error by default; a custom logging function can be provided via +.BR selinux_set_callback (3). + +.SH "RETURN VALUE" +None. + +.SH "ERRORS" +None. + +.SH "AUTHOR" +Eamon Walsh <ew...@ty...> + +.SH "SEE ALSO" +.BR selabel_open (3), +.BR selabel_lookup (3), +.BR selinux_set_callback (3), +.BR selinux (8) + Added: trunk/libselinux/man/man3/selinux_set_callback.3 =================================================================== --- trunk/libselinux/man/man3/selinux_set_callback.3 (rev 0) +++ trunk/libselinux/man/man3/selinux_set_callback.3 2007-06-20 18:39:27 UTC (rev 2486) 
@@ -0,0 +1,95 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2007 +.TH "selinux_set_callback" "3" "20 Jun 2007" "" "SELinux API documentation" +.SH "NAME" +selinux_set_callback \- userspace SELinux callback facilities. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.sp +.BI "void selinux_set_callback(int " type ", union selinux_callback " callback ");" + +.SH "DESCRIPTION" +.B selinux_set_callback +sets the callback indicated by +.I type +to the value of +.IR callback , +which should be passed as a function pointer cast to type +.B union +.BR selinux_callback . + +All callback functions should return a negative value with +.I errno +set appropriately on error. + +The available values for +.I type +are: +.TP +.B SELABEL_CB_LOG +.BI "int (*" func_log ") (int " type ", const char *" fmt ", ...);" + +This callback is used for logging and should process the +.BR printf (3) +style +.I fmt +string and arguments as appropriate. The +.I type +argument indicates the type of message and will be set to one of the following: + +.B SELINUX_ERROR +.br +.B SELINUX_WARNING +.br +.B SELINUX_INFO +.br +.B SELINUX_AVC + +.TP +.B SELABEL_CB_AUDIT +.BI "int (*" func_audit ") (void *" auditdata ", security_class_t " cls , +.in +\w'int (*func_audit) ('u +.BI "char *" msgbuf ", size_t " msgbufsize ");" +.in + +This callback is used for supplemental auditing in AVC messages. The +.I auditdata +and +.I cls +arguments are the values passed to +.BR avc_has_perm (3). +A human-readable interpretation should be printed to +.I msgbuf +using no more than +.I msgbufsize +characters. + +.TP +.B SELABEL_CB_VALIDATE +.BI "int (*" func_validate ") (security_context_t *" ctx ");" + +This callback is used for context validation. The callback may optionally modify the input context by setting the target of the +.I ctx +pointer to a new context. In this case, the old value should be freed with +.BR freecon (3). 
+The value of +.I errno +should be set to +.B EINVAL +to indicate an invalid context. + +.SH "RETURN VALUE" +None. + +.SH "ERRORS" +None. + +.SH "AUTHOR" +Eamon Walsh <ew...@ty...> + +.SH "SEE ALSO" +.BR selabel_open (3), +.BR avc_init (3), +.BR selinux (8) + Added: trunk/libselinux/man/man5/selabel_file.5 =================================================================== --- trunk/libselinux/man/man5/selabel_file.5 (rev 0) +++ trunk/libselinux/man/man5/selabel_file.5 2007-06-20 18:39:27 UTC (rev 2486) 
@@ -0,0 +1,48 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2007 +.TH "selabel_file" "5" "18 Jun 2007" "" "SELinux API documentation" +.SH "NAME" +selabel_file \- userspace SELinux labeling interface: file contexts backend. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.br +.B #include <selinux/label.h> +.sp +.BI "int selabel_lookup(struct selabel_handle *" hnd , +.in +\w'int selabel_lookup('u +.BI "security_context_t *" context , +.br +.BI "const char *" path ", int " mode ");" + +.SH "DESCRIPTION" +The file contexts backend maps from pathname/mode combinations into security contexts. It is used to find the appropriate context for each file when relabeling a file system. + +The +.I path +argument should be set to the full pathname of the file whose assigned context is being checked. The +.I mode +argument should be set to the mode bits of the file, as determined by +.BR lstat (2). + +.SH "OPTIONS" +In addition to the global options described in +.BR selabel_open (3), +this backend recognizes the following options: + +.TP +.B SELABEL_OPT_PATH +A non-null value for this option specifies a path to a file that will be opened in lieu of the standard file contexts file. This value is also used as the base name for determining the names of local customization files. +.TP +.B SELABEL_OPT_BASEONLY +A non-null value for this option indicates that any local customizations to the file contexts mapping should be ignored. +.TP +.B SELABEL_OPT_SUBSET +A non-null value for this option is interpreted as a path prefix, for example "/etc". Only file context specifications starting with the given prefix are loaded. This may increase lookup performance, however any attempt to look up a path not starting with the given prefix will fail. 
+ +.SH "SEE ALSO" +.BR selabel_open (3), +.BR selabel_lookup (3), +.BR selabel_stats (3), +.BR selinux (8) + Added: trunk/libselinux/man/man5/selabel_media.5 =================================================================== --- trunk/libselinux/man/man5/selabel_media.5 (rev 0) +++ trunk/libselinux/man/man5/selabel_media.5 2007-06-20 18:39:27 UTC (rev 2486) @@ -0,0 +1,37 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2007 +.TH "selabel_media" "5" "18 Jun 2007" "" "SELinux API documentation" +.SH "NAME" +selabel_media \- userspace SELinux labeling interface: media contexts backend. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.br +.B #include <selinux/label.h> +.sp +.BI "int selabel_lookup(struct selabel_handle *" hnd , +.in +\w'int selabel_lookup('u +.BI "security_context_t *" context , +.br +.BI "const char *" device_name ", int " unused ");" + +.SH "DESCRIPTION" +The media contexts backend maps from media device names such as "cdrom" or "floppy" into security contexts. It is used to find the appropriate context for establishing context mounts on these devices. + +The integer lookup argument is currently unused and should be set to zero. + +.SH "OPTIONS" +In addition to the global options described in +.BR selabel_open (3), +this backend recognizes the following options: + +.TP +.B SELABEL_OPT_PATH +A non-null value for this option specifies a path to a file that will be opened in lieu of the standard media contexts file. + +.SH "SEE ALSO" +.BR selabel_open (3), +.BR selabel_lookup (3), +.BR selabel_stats (3), +.BR selinux (8) + Added: trunk/libselinux/man/man5/selabel_x.5 =================================================================== --- trunk/libselinux/man/man5/selabel_x.5 (rev 0) +++ trunk/libselinux/man/man5/selabel_x.5 2007-06-20 18:39:27 UTC (rev 2486) 
@@ -0,0 +1,54 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2007 +.TH "selabel_x" "5" "18 Jun 2007" "" "SELinux API documentation" +.SH "NAME" +selabel_x \- userspace SELinux labeling interface: X Window System contexts backend. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.br +.B #include <selinux/label.h> +.sp +.BI "int selabel_lookup(struct selabel_handle *" hnd , +.in +\w'int selabel_lookup('u +.BI "security_context_t *" context , +.br +.BI "const char *" object_name ", int " object_type ");" + +.SH "DESCRIPTION" +The X contexts backend maps from X Window System object names into security contexts. It is used to find the appropriate context for X Window System objects whose significance and/or usage semantics are determined primarily by name. This backend is also used to determine the default context for labeling remotely connected X clients. + +The +.I object_type +argument should be set to one of the following values: +.TP +.B SELABEL_X_PROP +The +.I object_name +argument specifies the name of a window property, such as "WM_NAME". +.TP +.B SELABEL_X_EXT +The +.I object_name +argument specifies the name of a protocol extension, such as "RENDER". +.TP +.B SELABEL_X_CLIENT +The +.I object_name +argument is ignored and should be set to NULL. The default context for labeling remote X clients is returned. + +.SH "OPTIONS" +In addition to the global options described in +.BR selabel_open (3), +this backend recognizes the following options: + +.TP +.B SELABEL_OPT_PATH +A non-null value for this option specifies a path to a file that will be opened in lieu of the standard X contexts file. + +.SH "SEE ALSO" +.BR selabel_open (3), +.BR selabel_lookup (3), +.BR selabel_stats (3), +.BR selinux (8) + This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
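Review bot: In the selabel_lookup.3 DESCRIPTION, the sentence ending "interpreted according to the specific backend that handle is open on" italicizes "handle", but the SYNOPSIS names the parameter hnd and the first sentence of the same section already uses ".IR hnd ,". Change ".I handle" to ".I hnd" so the text matches the prototype. The page also says the returned context must be freed with freecon(3) but does not say what the memory pointed to by context holds when \-1 is returned; one sentence stating that it is left untouched (or not) on error would keep callers from freeing an uninitialized pointer.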
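Review bot: The BACKENDS entries in selabel_open.3 cross-reference selabel_file (3), selabel_media (3) and selabel_x (3), but this same commit adds those pages under man5 with a .TH section of "5" and installs them into MAN5DIR, so the references will not resolve. They should read ".BR selabel_file (5)." and likewise for the other two. In the same hunk, "initizalized" under SELABEL_OPT_UNUSED should be "initialized".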
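Review bot: The SYNOPSIS of selabel_stats.3 declares "void selabel_lookup(struct selabel_handle *hnd);", which is the wrong function name and contradicts the int-returning, four-argument selabel_lookup prototype documented in selabel_lookup.3. The line should declare selabel_stats.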
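Review bot: Under SELABEL_CB_AUDIT in selinux_set_callback.3, "using no more than msgbufsize characters" does not say whether the terminating NUL counts toward msgbufsize, and a callback author who guesses wrong writes one byte past msgbuf. State explicitly whether msgbufsize is the full size of the buffer including the terminator. Separately, the callback type names carry a SELABEL_CB_ prefix while the function is selinux_set_callback and the message types on the same page are SELINUX_ERROR, SELINUX_WARNING and so on; please confirm these names match what selinux/selinux.h actually defines.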
From: <ew...@us...> - 2007-06-20 19:20:54
Revision: 2488
http://svn.sourceforge.net/selinux/?rev=2488&view=rev
Author: ewalsh
Date: 2007-06-20 12:20:47 -0700 (Wed, 20 Jun 2007)

Log Message:
-----------
Author: Eamon Walsh
Email: ew...@ty...
Subject: libselinux: minor man page fixes
Date: Wed, 20 Jun 2007 15:10:20 -0400

Converts occurrences of 'SE Linux' to SELinux, corrects my e-mail address.

The patch has very long lines.

Signed-off-by: Eamon Walsh <ew...@ty...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/man/man3/avc_add_callback.3 trunk/libselinux/man/man3/avc_cache_stats.3 trunk/libselinux/man/man3/avc_compute_create.3 trunk/libselinux/man/man3/avc_context_to_sid.3 trunk/libselinux/man/man3/avc_has_perm.3 trunk/libselinux/man/man3/avc_init.3 trunk/libselinux/man/man3/freecon.3 trunk/libselinux/man/man3/get_ordered_context_list.3 trunk/libselinux/man/man3/getcon.3 trunk/libselinux/man/man3/getexeccon.3 trunk/libselinux/man/man3/getfilecon.3 trunk/libselinux/man/man3/getfscreatecon.3 trunk/libselinux/man/man3/getseuserbyname.3 trunk/libselinux/man/man3/is_selinux_enabled.3 trunk/libselinux/man/man3/matchmediacon.3 trunk/libselinux/man/man3/matchpathcon.3 trunk/libselinux/man/man3/security_check_context.3 trunk/libselinux/man/man3/security_class_to_string.3 trunk/libselinux/man/man3/security_compute_av.3 trunk/libselinux/man/man3/security_getenforce.3 trunk/libselinux/man/man3/security_load_policy.3 trunk/libselinux/man/man3/security_policyvers.3 trunk/libselinux/man/man3/selinux_check_securetty_context.3 trunk/libselinux/man/man3/selinux_getenforcemode.3 trunk/libselinux/man/man3/selinux_policy_root.3 trunk/libselinux/man/man3/setfilecon.3 trunk/libselinux/man/man8/matchpathcon.8 Modified: trunk/libselinux/man/man3/avc_add_callback.3 =================================================================== --- trunk/libselinux/man/man3/avc_add_callback.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/avc_add_callback.3 2007-06-20 19:20:47 UTC (rev 2488) 
@@ -1,7 +1,7 @@ .\" Hey Emacs! This file is -*- nroff -*- source. .\" -.\" Author: Eamon Walsh (ew...@ep...) 2004 -.TH "avc_add_callback" "3" "9 June 2004" "" "SE Linux API documentation" +.\" Author: Eamon Walsh (ew...@ty...) 2004 +.TH "avc_add_callback" "3" "9 June 2004" "" "SELinux API documentation" .SH "NAME" avc_add_callback \- additional event notification for SELinux userspace object managers. .SH "SYNOPSIS" @@ -173,7 +173,7 @@ .BR AVC_CALLBACK_RESET . .SH "AUTHOR" -Eamon Walsh <ew...@ep...> +Eamon Walsh <ew...@ty...> .SH "SEE ALSO" .BR avc_init (3), Modified: trunk/libselinux/man/man3/avc_cache_stats.3 =================================================================== --- trunk/libselinux/man/man3/avc_cache_stats.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/avc_cache_stats.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,7 +1,7 @@ .\" Hey Emacs! This file is -*- nroff -*- source. .\" -.\" Author: Eamon Walsh (ew...@ep...) 2004 -.TH "avc_cache_stats" "3" "27 May 2004" "" "SE Linux API documentation" +.\" Author: Eamon Walsh (ew...@ty...) 2004 +.TH "avc_cache_stats" "3" "27 May 2004" "" "SELinux API documentation" .SH "NAME" avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics. .SH "SYNOPSIS" @@ -89,7 +89,7 @@ is made before the cache is flushed. .SH "AUTHOR" -Eamon Walsh <ew...@ep...> +Eamon Walsh <ew...@ty...> .SH "SEE ALSO" .BR avc_init (3), Modified: trunk/libselinux/man/man3/avc_compute_create.3 =================================================================== --- trunk/libselinux/man/man3/avc_compute_create.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/avc_compute_create.3 2007-06-20 19:20:47 UTC (rev 2488) 
@@ -1,7 +1,7 @@ .\" Hey Emacs! This file is -*- nroff -*- source. .\" .\" Author: Eamon Walsh (ew...@ty...) 2007 -.TH "avc_compute_create" "3" "30 Mar 2007" "" "SE Linux API documentation" +.TH "avc_compute_create" "3" "30 Mar 2007" "" "SELinux API documentation" .SH "NAME" avc_compute_create \- obtain SELinux label for new object. .SH "SYNOPSIS" Modified: trunk/libselinux/man/man3/avc_context_to_sid.3 =================================================================== --- trunk/libselinux/man/man3/avc_context_to_sid.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/avc_context_to_sid.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,7 +1,7 @@ .\" Hey Emacs! This file is -*- nroff -*- source. .\" -.\" Author: Eamon Walsh (ew...@ep...) 2004 -.TH "avc_context_to_sid" "3" "27 May 2004" "" "SE Linux API documentation" +.\" Author: Eamon Walsh (ew...@ty...) 2004 +.TH "avc_context_to_sid" "3" "27 May 2004" "" "SELinux API documentation" .SH "NAME" avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's. .SH "SYNOPSIS" @@ -86,7 +86,7 @@ will be called on a SID when its object is destroyed. Proper reference counting is necessary to ensure that SID's and associated cache entries are reclaimed from memory when no longer needed. .SH "AUTHOR" -Eamon Walsh <ew...@ep...> +Eamon Walsh <ew...@ty...> .SH "SEE ALSO" .BR avc_init (3), Modified: trunk/libselinux/man/man3/avc_has_perm.3 =================================================================== --- trunk/libselinux/man/man3/avc_has_perm.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/avc_has_perm.3 2007-06-20 19:20:47 UTC (rev 2488) 
@@ -1,7 +1,7 @@ .\" Hey Emacs! This file is -*- nroff -*- source. .\" -.\" Author: Eamon Walsh (ew...@ep...) 2004 -.TH "avc_has_perm" "3" "27 May 2004" "" "SE Linux API documentation" +.\" Author: Eamon Walsh (ew...@ty...) 2004 +.TH "avc_has_perm" "3" "27 May 2004" "" "SELinux API documentation" .SH "NAME" avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions. .SH "SYNOPSIS" @@ -144,7 +144,7 @@ netlink by the policy. .SH "AUTHOR" -Eamon Walsh <ew...@ep...> +Eamon Walsh <ew...@ty...> .SH "SEE ALSO" .BR avc_init (3), Modified: trunk/libselinux/man/man3/avc_init.3 =================================================================== --- trunk/libselinux/man/man3/avc_init.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/avc_init.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,7 +1,7 @@ .\" Hey Emacs! This file is -*- nroff -*- source. .\" -.\" Author: Eamon Walsh (ew...@ep...) 2004 -.TH "avc_init" "3" "27 May 2004" "" "SE Linux API documentation" +.\" Author: Eamon Walsh (ew...@ty...) 2004 +.TH "avc_init" "3" "27 May 2004" "" "SELinux API documentation" .SH "NAME" avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown. .SH "SYNOPSIS" @@ -201,7 +201,7 @@ is called. .SH "AUTHOR" -Eamon Walsh <ew...@ep...> +Eamon Walsh <ew...@ty...> .SH "SEE ALSO" .BR avc_has_perm (3), Modified: trunk/libselinux/man/man3/freecon.3 =================================================================== --- trunk/libselinux/man/man3/freecon.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/freecon.3 2007-06-20 19:20:47 UTC (rev 2488) 
@@ -1,4 +1,4 @@ -.TH "freecon" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "freecon" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" freecon, freeconary \- free memory associated with SELinux security contexts. .SH "SYNOPSIS" Modified: trunk/libselinux/man/man3/get_ordered_context_list.3 =================================================================== --- trunk/libselinux/man/man3/get_ordered_context_list.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/get_ordered_context_list.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "get_ordered_context_list" "3" "1 January 2004" "ru...@co..." "SE Linux" +.TH "get_ordered_context_list" "3" "1 January 2004" "ru...@co..." "SELinux" .SH "NAME" get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine SELinux context(s) for user sessions Modified: trunk/libselinux/man/man3/getcon.3 =================================================================== --- trunk/libselinux/man/man3/getcon.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/getcon.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "getcon" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "getcon" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" getcon, getprevcon, getpidcon \- get SELinux security context of a process. .br Modified: trunk/libselinux/man/man3/getexeccon.3 =================================================================== --- trunk/libselinux/man/man3/getexeccon.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/getexeccon.3 2007-06-20 19:20:47 UTC (rev 2488) 
@@ -1,4 +1,4 @@ -.TH "getexeccon" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "getexeccon" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process. .br Modified: trunk/libselinux/man/man3/getfilecon.3 =================================================================== --- trunk/libselinux/man/man3/getfilecon.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/getfilecon.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "getfilecon" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "getfilecon" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" getfilecon, fgetfilecon, lgetfilecon \- get SELinux security context of a file .SH "SYNOPSIS" Modified: trunk/libselinux/man/man3/getfscreatecon.3 =================================================================== --- trunk/libselinux/man/man3/getfscreatecon.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/getfscreatecon.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "getfscreatecon" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "getfscreatecon" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" getfscreatecon, setfscreatecon \- get or set the SELinux security context used for creating a new file system object. Modified: trunk/libselinux/man/man3/getseuserbyname.3 =================================================================== --- trunk/libselinux/man/man3/getseuserbyname.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/getseuserbyname.3 2007-06-20 19:20:47 UTC (rev 2488) 
@@ -1,4 +1,4 @@ -.TH "getseuserbyname" "3" "29 September 2005" "dw...@re..." "SE Linux API documentation" +.TH "getseuserbyname" "3" "29 September 2005" "dw...@re..." "SELinux API documentation" .SH "NAME" getseuserbyname \- get SELinux username and level for a given Linux username .SH "SYNOPSIS" Modified: trunk/libselinux/man/man3/is_selinux_enabled.3 =================================================================== --- trunk/libselinux/man/man3/is_selinux_enabled.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/is_selinux_enabled.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "is_selinux_enabled" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "is_selinux_enabled" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" is_selinux_enabled \- check whether SELinux is enabled .SH "SYNOPSIS" @@ -8,7 +8,7 @@ .SH "DESCRIPTION" .B is_selinux_enabled -returns 1 if SE Linux is running or 0 if it is not. May change soon. +returns 1 if SELinux is running or 0 if it is not. May change soon. .SH "SEE ALSO" .BR selinux "(8)" Modified: trunk/libselinux/man/man3/matchmediacon.3 =================================================================== --- trunk/libselinux/man/man3/matchmediacon.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/matchmediacon.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "matchmediacon" "3" "15 November 2004" "dw...@re..." "SE Linux API documentation" +.TH "matchmediacon" "3" "15 November 2004" "dw...@re..." "SELinux API documentation" .SH "NAME" matchmediacon \- get the default SELinux security context for the specified mediatype from the policy. Modified: trunk/libselinux/man/man3/matchpathcon.3 =================================================================== --- trunk/libselinux/man/man3/matchpathcon.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/matchpathcon.3 2007-06-20 19:20:47 UTC (rev 2488) 
@@ -1,4 +1,4 @@ -.TH "matchpathcon" "3" "16 March 2005" "sd...@ty..." "SE Linux API documentation" +.TH "matchpathcon" "3" "16 March 2005" "sd...@ty..." "SELinux API documentation" .SH "NAME" matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration. Modified: trunk/libselinux/man/man3/security_check_context.3 =================================================================== --- trunk/libselinux/man/man3/security_check_context.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/security_check_context.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "security_check_context" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "security_check_context" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" security_check_context \- check the validity of a SELinux context .SH "SYNOPSIS" @@ -8,7 +8,7 @@ .SH "DESCRIPTION" .B security_check_context -returns 0 if SE Linux is running and the context is valid, otherwise it +returns 0 if SELinux is running and the context is valid, otherwise it returns -1. .SH "SEE ALSO" Modified: trunk/libselinux/man/man3/security_class_to_string.3 =================================================================== --- trunk/libselinux/man/man3/security_class_to_string.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/security_class_to_string.3 2007-06-20 19:20:47 UTC (rev 2488) 
@@ -1,7 +1,7 @@ .\" Hey Emacs! This file is -*- nroff -*- source. .\" .\" Author: Eamon Walsh (ew...@ty...) 2007 -.TH "security_class_to_string" "3" "30 Mar 2007" "" "SE Linux API documentation" +.TH "security_class_to_string" "3" "30 Mar 2007" "" "SELinux API documentation" .SH "NAME" security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string \- convert between SELinux class and permission values and string names. Modified: trunk/libselinux/man/man3/security_compute_av.3 =================================================================== --- trunk/libselinux/man/man3/security_compute_av.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/security_compute_av.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "security_compute_av" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "security_compute_av" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" security_compute_av, security_compute_create, security_compute_relabel, security_compute_user, security_get_initial_context \- query Modified: trunk/libselinux/man/man3/security_getenforce.3 =================================================================== --- trunk/libselinux/man/man3/security_getenforce.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/security_getenforce.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "security_getenforce" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "security_getenforce" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" security_getenforce, security_setenforce \- get or set the enforcing state of SELinux .SH "SYNOPSIS" 
@@ -10,11 +10,11 @@ .SH "DESCRIPTION" .B security_getenforce -returns 0 if SE Linux is running in permissive mode, 1 if it is running in +returns 0 if SELinux is running in permissive mode, 1 if it is running in enforcing mode, and -1 on error. .B security_setenforce -sets SE Linux to enforcing mode if the value 1 is passed in, and sets it to +sets SELinux to enforcing mode if the value 1 is passed in, and sets it to permissive mode if 0 is passed in. On success 0 is returned, on error -1 is returned. Modified: trunk/libselinux/man/man3/security_load_policy.3 =================================================================== --- trunk/libselinux/man/man3/security_load_policy.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/security_load_policy.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "security_load_policy" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "security_load_policy" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" security_load_policy \- load a new SELinux policy .SH "SYNOPSIS" Modified: trunk/libselinux/man/man3/security_policyvers.3 =================================================================== --- trunk/libselinux/man/man3/security_policyvers.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/security_policyvers.3 2007-06-20 19:20:47 UTC (rev 2488) 
@@ -1,4 +1,4 @@ -.TH "security_policyvers" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "security_policyvers" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" security_policyvers \- get the version of the SELinux policy .SH "SYNOPSIS" Modified: trunk/libselinux/man/man3/selinux_check_securetty_context.3 =================================================================== --- trunk/libselinux/man/man3/selinux_check_securetty_context.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/selinux_check_securetty_context.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "selinux_check_securetty_context" "3" "1 January 2007" "dw...@re..." "SE Linux API documentation" +.TH "selinux_check_securetty_context" "3" "1 January 2007" "dw...@re..." "SELinux API documentation" .SH "NAME" selinux_check_securetty_context \- check whether a SELinux tty security context is defined as a securetty context .SH "SYNOPSIS" Modified: trunk/libselinux/man/man3/selinux_getenforcemode.3 =================================================================== --- trunk/libselinux/man/man3/selinux_getenforcemode.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/selinux_getenforcemode.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "selinux_getenforcemode" "3" "25 May 2004" "dw...@re..." "SE Linux API documentation" +.TH "selinux_getenforcemode" "3" "25 May 2004" "dw...@re..." "SELinux API documentation" .SH "NAME" selinux_getenforcemode \- get the enforcing state of SELinux .SH "SYNOPSIS" Modified: trunk/libselinux/man/man3/selinux_policy_root.3 =================================================================== --- trunk/libselinux/man/man3/selinux_policy_root.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/selinux_policy_root.3 2007-06-20 19:20:47 UTC (rev 2488) 
@@ -1,4 +1,4 @@ -.TH "selinux_policy_root" "3" "25 May 2004" "dw...@re..." "SE Linux API documentation" +.TH "selinux_policy_root" "3" "25 May 2004" "dw...@re..." "SELinux API documentation" .SH "NAME" selinux_policy_root \- return the path of the SELinux policy files for this machine. .SH "SYNOPSIS" Modified: trunk/libselinux/man/man3/setfilecon.3 =================================================================== --- trunk/libselinux/man/man3/setfilecon.3 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man3/setfilecon.3 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "setfilecon" "3" "1 January 2004" "ru...@co..." "SE Linux API documentation" +.TH "setfilecon" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" setfilecon, fsetfilecon, lsetfilecon \- set SELinux security context of a file Modified: trunk/libselinux/man/man8/matchpathcon.8 =================================================================== --- trunk/libselinux/man/man8/matchpathcon.8 2007-06-20 18:42:48 UTC (rev 2487) +++ trunk/libselinux/man/man8/matchpathcon.8 2007-06-20 19:20:47 UTC (rev 2488) @@ -1,4 +1,4 @@ -.TH "matchpathcon" "8" "21 April 2005" "dw...@re..." "SE Linux Command Line documentation" +.TH "matchpathcon" "8" "21 April 2005" "dw...@re..." "SELinux Command Line documentation" .SH "NAME" matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
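Review bot: In the security_getenforce.3 hunk (@@ -10,11 +10,11 @@), the rewritten DESCRIPTION lines still write the error value as a bare "-1" ("and -1 on error", and the unchanged "on error -1 is returned"). Since these lines are being touched anyway, escape the minus as "\-1", which is how the newer selabel_lookup.3 page writes it ("On error, \-1 is returned"), so the sign renders as a minus rather than a hyphen. The remaining hunks only change the fifth .TH argument from "SE Linux" to "SELinux" and look fine.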
From: <ssm...@us...> - 2007-07-25 14:20:44
|
Revision: 2501 http://selinux.svn.sourceforge.net/selinux/?rev=2501&view=rev Author: ssmalley Date: 2007-07-25 07:20:41 -0700 (Wed, 25 Jul 2007) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: libselinux man page changes to make translations easier. Date: Wed, 11 Jul 2007 10:48:39 -0400 Fixes https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=221208 Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/man/man3/avc_add_callback.3 trunk/libselinux/man/man3/avc_cache_stats.3 trunk/libselinux/man/man3/avc_compute_create.3 trunk/libselinux/man/man3/avc_context_to_sid.3 trunk/libselinux/man/man3/avc_has_perm.3 trunk/libselinux/man/man3/avc_init.3 trunk/libselinux/man/man3/context_new.3 trunk/libselinux/man/man3/freecon.3 trunk/libselinux/man/man3/get_ordered_context_list.3 trunk/libselinux/man/man3/getcon.3 trunk/libselinux/man/man3/getexeccon.3 trunk/libselinux/man/man3/getfilecon.3 trunk/libselinux/man/man3/getfscreatecon.3 trunk/libselinux/man/man3/getseuserbyname.3 trunk/libselinux/man/man3/is_context_customizable.3 trunk/libselinux/man/man3/matchmediacon.3 trunk/libselinux/man/man3/matchpathcon.3 trunk/libselinux/man/man3/security_class_to_string.3 trunk/libselinux/man/man3/security_compute_av.3 trunk/libselinux/man/man3/security_getenforce.3 trunk/libselinux/man/man3/security_load_booleans.3 trunk/libselinux/man/man3/selabel_lookup.3 trunk/libselinux/man/man3/selabel_open.3 trunk/libselinux/man/man3/selabel_stats.3 trunk/libselinux/man/man3/selinux_binary_policy_path.3 trunk/libselinux/man/man3/selinux_getenforcemode.3 trunk/libselinux/man/man3/selinux_policy_root.3 trunk/libselinux/man/man3/selinux_set_callback.3 trunk/libselinux/man/man3/setfilecon.3 trunk/libselinux/man/man5/selabel_file.5 trunk/libselinux/man/man5/selabel_media.5 trunk/libselinux/man/man5/selabel_x.5 trunk/libselinux/man/man8/matchpathcon.8 trunk/libselinux/man/man8/selinux.8 Modified: trunk/libselinux/man/man3/avc_add_callback.3 
=================================================================== --- trunk/libselinux/man/man3/avc_add_callback.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/avc_add_callback.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,26 +6,26 @@ avc_add_callback \- additional event notification for SELinux userspace object managers. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/avc.h> .sp .BI "int avc_add_callback(int (*" callback ")(uint32_t " event , .in +\w'int avc_add_callback(int (*callback)('u .BI "security_id_t " ssid , -.br + .BI "security_id_t " tsid , -.br + .BI "security_class_t " tclass , -.br + .BI "access_vector_t " perms , -.br + .BI "access_vector_t *" out_retained ")," .in .in +\w'int avc_add_callback('u .BI "uint32_t " events ", security_id_t " ssid , -.br + .BI "security_id_t " tsid ", security_class_t " tclass , -.br + .BI "access_vector_t " perms ");" .in .SH "DESCRIPTION" Modified: trunk/libselinux/man/man3/avc_cache_stats.3 =================================================================== --- trunk/libselinux/man/man3/avc_cache_stats.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/avc_cache_stats.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,7 +6,7 @@ avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/avc.h> .sp .BI "void avc_av_stats(void);" Modified: trunk/libselinux/man/man3/avc_compute_create.3 =================================================================== --- trunk/libselinux/man/man3/avc_compute_create.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/avc_compute_create.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -6,7 +6,7 @@ avc_compute_create \- obtain SELinux label for new object. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/avc.h> .sp .BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid , Modified: trunk/libselinux/man/man3/avc_context_to_sid.3 =================================================================== --- trunk/libselinux/man/man3/avc_context_to_sid.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/avc_context_to_sid.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,7 +6,7 @@ avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/avc.h> .sp .BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");" Modified: trunk/libselinux/man/man3/avc_has_perm.3 =================================================================== --- trunk/libselinux/man/man3/avc_has_perm.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/avc_has_perm.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,7 +6,7 @@ avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/avc.h> .sp .BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");" 
@@ -14,21 +14,21 @@ .BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid , .in +\w'int avc_has_perm('u .BI "security_class_t " tclass ", access_vector_t " requested , -.br + .BI "struct avc_entry_ref *" aeref ", void *" auditdata ");" .in .sp .BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid , .in +\w'int avc_has_perm('u .BI "security_class_t " tclass ", access_vector_t " requested , -.br + .BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");" .in .sp .BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid , .in +\w'void avc_audit('u .BI "security_class_t " tclass ", access_vector_t " requested , -.br + .BI "struct av_decision *" avd ", int " result ", void *" auditdata ");" .in .SH "DESCRIPTION" Modified: trunk/libselinux/man/man3/avc_init.3 =================================================================== --- trunk/libselinux/man/man3/avc_init.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/avc_init.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,17 +6,17 @@ avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/avc.h> .sp .BI "int avc_init(const char *" msgprefix , .in +\w'int avc_init('u .BI "const struct avc_memory_callback *" mem_callbacks , -.br + .BI "const struct avc_log_callback *" log_callbacks , -.br + .BI "const struct avc_thread_callback *" thread_callbacks , -.br + .BI "const struct avc_lock_callback *" lock_callbacks ");" .in .sp Modified: trunk/libselinux/man/man3/context_new.3 =================================================================== --- trunk/libselinux/man/man3/context_new.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/context_new.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -4,27 +4,27 @@ .SH "SYNOPSIS" .B #include <selinux/context.h> -.br + .B "context_t context_new(const char *" context_str ); -.br + .B "const char * context_str(context_t " con ); -.br + .B "void context_free(context_t " con ); -.br + .B "const char * context_type_get(context_t " con ); -.br + .B "const char * context_range_get(context_t " con ); -.br + .B "const char * context_role_get(context_t " con ); -.br + .B "const char * context_user_get(context_t " con ); -.br + .B "const char * context_type_set(context_t " con ", const char* " type); -.br + .B "const char * context_range_set(context_t " con ", const char* " range); -.br + .B "const char * context_role_set(context_t " con ", const char* " role ); -.br + .B "const char * context_user_set(context_t " con ", const char* " user ); .SH "DESCRIPTION" Modified: trunk/libselinux/man/man3/freecon.3 =================================================================== --- trunk/libselinux/man/man3/freecon.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/freecon.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -5,7 +5,7 @@ .B #include <selinux/selinux.h> .sp .BI "void freecon(security_context_t "con ); -.br + .BI "void freeconary(security_context_t *" con ); .SH "DESCRIPTION" Modified: trunk/libselinux/man/man3/get_ordered_context_list.3 =================================================================== --- trunk/libselinux/man/man3/get_ordered_context_list.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/get_ordered_context_list.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -4,7 +4,7 @@ .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/get_context_list.h> .sp .BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list ); Modified: trunk/libselinux/man/man3/getcon.3 =================================================================== --- trunk/libselinux/man/man3/getcon.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/getcon.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -1,21 +1,21 @@ .TH "getcon" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" getcon, getprevcon, getpidcon \- get SELinux security context of a process. -.br + getpeercon - get security context of a peer socket. -.br + setcon - set current security context of a process. .SH "SYNOPSIS" .B #include <selinux/selinux.h> .sp .BI "int getcon(security_context_t *" context ); -.br + .BI "int getprevcon(security_context_t *" context ); -.br + .BI "int getpidcon(pid_t " pid ", security_context_t *" context ); -.br + .BI "int getpeercon(int " fd ", security_context_t *" context); -.br + .BI "int setcon(security_context_t " context); .SH "DESCRIPTION" Modified: trunk/libselinux/man/man3/getexeccon.3 =================================================================== --- trunk/libselinux/man/man3/getexeccon.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/getexeccon.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -1,16 +1,16 @@ .TH "getexeccon" "3" "1 January 2004" "ru...@co..." "SELinux API documentation" .SH "NAME" getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process. -.br + rpm_execcon \- run a helper for rpm in an appropriate security context .SH "SYNOPSIS" .B #include <selinux/selinux.h> .sp .BI "int getexeccon(security_context_t *" context ); -.br + .BI "int setexeccon(security_context_t "context ); -.br + .BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]); .SH "DESCRIPTION" @@ -26,17 +26,17 @@ setexeccon to reset to the default policy behavior. The exec context is automatically reset after the next execve, so a program doesn't need to explicitly sanitize it upon startup. -.br + setexeccon can be applied prior to library functions that internally perform an execve, e.g. execl*, execv*, popen, in order to set an exec context for that operation. -.br + Note: Signal handlers that perform an execve must take care to save, reset, and restore the exec context to avoid unexpected behaviors. -.br + .B rpm_execcon runs a helper for rpm in an appropriate security context. The verified parameter should contain the return code from the signature Modified: trunk/libselinux/man/man3/getfilecon.3 =================================================================== --- trunk/libselinux/man/man3/getfilecon.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/getfilecon.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -5,9 +5,9 @@ .B #include <selinux/selinux.h> .sp .BI "int getfilecon(const char *" path ", security_context_t *" con ); -.br + .BI "int lgetfilecon(const char *" path ", security_context_t *" con ); -.br + .BI "int fgetfilecon(int "fd ", security_context_t *" con ); .SH "DESCRIPTION" .B getfilecon 
@@ -22,7 +22,6 @@ is identical to getfilecon, only the open file pointed to by filedes (as returned by open(2)) is interrogated in place of path. -.br The returned context should be freed with freecon if non-NULL. .SH "RETURN VALUE" Modified: trunk/libselinux/man/man3/getfscreatecon.3 =================================================================== --- trunk/libselinux/man/man3/getfscreatecon.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/getfscreatecon.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,7 +6,7 @@ .B #include <selinux/selinux.h> .sp .BI "int getfscreatecon(security_context_t *" con ); -.br + .BI "int setfscreatecon(security_context_t "context ); .SH "DESCRIPTION" @@ -22,12 +22,12 @@ setfscreatecon to reset to the default policy behavior. The fscreate context is automatically reset after the next execve, so a program doesn't need to explicitly sanitize it upon startup. -.br + setfscreatecon can be applied prior to library functions that internally perform an file creation, in order to set an file context on the objects. -.br + Note: Signal handlers that perform an setfscreate must take care to save, reset, and restore the fscreate context to avoid unexpected behaviors. .SH "RETURN VALUE" Modified: trunk/libselinux/man/man3/getseuserbyname.3 =================================================================== --- trunk/libselinux/man/man3/getseuserbyname.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/getseuserbyname.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -12,8 +12,8 @@ then be passed to other libselinux functions such as get_ordered_context_list_with_level and get_default_context_with_level. -.br + The returned SELinux username and level should be freed by the caller using free. .SH "RETURN VALUE" Modified: trunk/libselinux/man/man3/is_context_customizable.3 =================================================================== --- trunk/libselinux/man/man3/is_context_customizable.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/is_context_customizable.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -8,7 +8,7 @@ .SH "DESCRIPTION" .B is_context_customizable -.br + This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place. Modified: trunk/libselinux/man/man3/matchmediacon.3 =================================================================== --- trunk/libselinux/man/man3/matchmediacon.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/matchmediacon.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,14 +6,14 @@ .B #include <selinux/selinux.h> .sp .BI "int matchmediacon(const char *" media ", security_context_t *" con);" -.br + .SH "DESCRIPTION" -.br + .B matchmediacon matches the specified media type with the media contexts configuration and sets the security context "con" to refer to the resulting context. .sp -.br + .B Note: Caller must free returned security context "con" using freecon. .SH "RETURN VALUE" Modified: trunk/libselinux/man/man3/matchpathcon.3 =================================================================== --- trunk/libselinux/man/man3/matchpathcon.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/matchpathcon.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -6,18 +6,18 @@ .B #include <selinux/selinux.h> .sp .BI "int matchpathcon_init(const char *" path ");" -.br + .BI "int matchpathcon_fini(void);" -.br + .BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con); .sp -.br + .BI "void set_matchpathcon_printf(void (*" f ")(const char *" fmt ", ...));" -.br + .BI "void set_matchpathcon_invalidcon(int (*" f ")(const char *"path ", unsigned " lineno ", char * " context "));" -.br + .BI "void set_matchpathcon_flags(unsigned int " flags ");" -.br + .SH "DESCRIPTION" .B matchpathcon_init loads the file contexts configuration specified by @@ -40,7 +40,7 @@ suffix are also looked up and loaded if present. These files provide dynamically generated entries for user home directories and for local customizations. -.br + .sp .B matchpathcon_fini frees the memory allocated by a prior call to @@ -49,7 +49,7 @@ .B matchpathcon_init calls, or to free memory when finished using .B matchpathcon. -.br + .sp .B matchpathcon matches the specified pathname and mode against the file contexts @@ -72,14 +72,14 @@ .I path, defaulting to the active file contexts configuration. .sp -.br + .B set_matchpathcon_printf sets the function used by .B matchpathcon_init when displaying errors about the file contexts configuration. If not set, then this defaults to fprintf(stderr, fmt, ...). This can be set to redirect error reporting to a different destination. -.br + .sp .B set_matchpathcon_invalidcon sets the function used by @@ -100,7 +100,7 @@ and .I lineno in such error messages. -.br + .sp .B set_matchpathcon_flags sets flags controlling the operation of 
@@ -111,7 +111,7 @@ .B MATCHPATHCON_BASEONLY flag is set, then only the base file contexts configuration file will be processed, not any dynamically generated entries or local customizations. -.br + .sp .SH "RETURN VALUE" Returns 0 on success or -1 otherwise. Modified: trunk/libselinux/man/man3/security_class_to_string.3 =================================================================== --- trunk/libselinux/man/man3/security_class_to_string.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/security_class_to_string.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -8,7 +8,7 @@ .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/flask.h> .sp .BI "const char * security_class_to_string(security_class_t " tclass ");" Modified: trunk/libselinux/man/man3/security_compute_av.3 =================================================================== --- trunk/libselinux/man/man3/security_compute_av.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/security_compute_av.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,7 +6,7 @@ .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/flask.h> .sp .BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd ); Modified: trunk/libselinux/man/man3/security_getenforce.3 =================================================================== --- trunk/libselinux/man/man3/security_getenforce.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/security_getenforce.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -5,7 +5,7 @@ .B #include <selinux/selinux.h> .sp .B int security_getenforce(); -.br + .BI "int security_setenforce(int "value ); .SH "DESCRIPTION" Modified: trunk/libselinux/man/man3/security_load_booleans.3 =================================================================== --- trunk/libselinux/man/man3/security_load_booleans.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/security_load_booleans.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -7,15 +7,15 @@ .B #include <selinux/selinux.h> .sp extern int security_load_booleans(char *path); -.br + extern int security_get_boolean_names(char ***names, int *len); -.br + extern int security_get_boolean_pending(const char *name); -.br + extern int security_get_boolean_active(const char *name); -.br + extern int security_set_boolean(const char *name, int value); -.br + extern int security_commit_booleans(void); @@ -29,27 +29,27 @@ The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once. security_load_booleans -.br + Load policy boolean settings. Path may be NULL, in which case the booleans are loaded from the active policy boolean configuration file. security_get_boolean_names -.br + Returns a list of boolean names, currently supported by the loaded policy. security_set_boolean -.br + Sets the pending value for boolean security_get_boolean_pending -.br + Return pending value for boolean security_get_boolean_active -.br + Return active value for boolean security_commit_booleans -.br + Commit all pending values for the booleans. .SH AUTHOR Modified: trunk/libselinux/man/man3/selabel_lookup.3 =================================================================== --- trunk/libselinux/man/man3/selabel_lookup.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/selabel_lookup.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -6,20 +6,20 @@ selabel_lookup \- obtain SELinux security context from a string label. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/label.h> .sp .BI "int selabel_lookup(struct selabel_handle *" hnd , .in +\w'int selabel_lookup('u .BI "security_context_t *" context , -.br + .BI "const char *" key ", int " type ");" .in .sp .BI "int selabel_lookup_raw(struct selabel_handle *" hnd , .in +\w'int selabel_lookup_raw('u .BI "security_context_t *" context , -.br + .BI "const char *" key ", int " type ");" .SH "DESCRIPTION" Modified: trunk/libselinux/man/man3/selabel_open.3 =================================================================== --- trunk/libselinux/man/man3/selabel_open.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/selabel_open.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,13 +6,13 @@ selabel_open, selabel_close \- userspace SELinux labeling interface. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/label.h> .sp .BI "struct selabel_handle *selabel_open(int " backend , .in +\w'struct selabel_handle *selabel_open('u .BI "struct selinux_opt *" options , -.br + .BI "unsigned " nopt ");" .in .sp Modified: trunk/libselinux/man/man3/selabel_stats.3 =================================================================== --- trunk/libselinux/man/man3/selabel_stats.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/selabel_stats.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -6,7 +6,7 @@ selabel_stats \- obtain SELinux labeling statistics. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/label.h> .sp .BI "void selabel_lookup(struct selabel_handle *" hnd ");" Modified: trunk/libselinux/man/man3/selinux_binary_policy_path.3 =================================================================== --- trunk/libselinux/man/man3/selinux_binary_policy_path.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/selinux_binary_policy_path.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -10,27 +10,27 @@ .SH "SYNOPSIS" .B #include <selinux/selinux.h> .sp -.br + extern const char *selinux_policy_root(void); -.br + extern const char *selinux_binary_policy_path(void); -.br + extern const char *selinux_failsafe_context_path(void); -.br + extern const char *selinux_removable_context_path(void); -.br + extern const char *selinux_default_context_path(void); -.br + extern const char *selinux_user_contexts_path(void); -.br + extern const char *selinux_file_context_path(void); -.br + extern const char *selinux_media_context_path(void); -.br + extern const char *selinux_securetty_types_path(void); -.br + extern const char *selinux_contexts_path(void); -.br + extern const char *selinux_booleans_path(void); Modified: trunk/libselinux/man/man3/selinux_getenforcemode.3 =================================================================== --- trunk/libselinux/man/man3/selinux_getenforcemode.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/selinux_getenforcemode.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -5,13 +5,13 @@ .B #include <selinux/selinux.h> .sp .B int selinux_getenforcemode(int *enforce); -.br + .SH "DESCRIPTION" .B selinux_getenforcemode Reads the contents of the /etc/selinux/config file to determine how the system was setup to run SELinux. -.br + Sets the value of enforce to 1 if SELinux should be run in enforcing mode. Sets the value of enforce to 0 if SELinux should be run in permissive mode. Sets the value of enforce to -1 if SELinux should be disabled. Modified: trunk/libselinux/man/man3/selinux_policy_root.3 =================================================================== --- trunk/libselinux/man/man3/selinux_policy_root.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/selinux_policy_root.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -5,8 +5,8 @@ .B #include <selinux/selinux.h> .sp .B char *selinux_policy_root(); -.br + .SH "DESCRIPTION" .B selinux_policy_root Reads the contents of the /etc/selinux/config file to determine which policy files should be used for this machine. Modified: trunk/libselinux/man/man3/selinux_set_callback.3 =================================================================== --- trunk/libselinux/man/man3/selinux_set_callback.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/selinux_set_callback.3 2007-07-25 14:20:41 UTC (rev 2501) @@ -39,11 +39,11 @@ argument indicates the type of message and will be set to one of the following: .B SELINUX_ERROR -.br + .B SELINUX_WARNING -.br + .B SELINUX_INFO -.br + .B SELINUX_AVC .TP Modified: trunk/libselinux/man/man3/setfilecon.3 =================================================================== --- trunk/libselinux/man/man3/setfilecon.3 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man3/setfilecon.3 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -6,9 +6,9 @@ .B #include <selinux/selinux.h> .sp .BI "int setfilecon(const char *" path ", security_context_t "con ); -.br + .BI "int lsetfilecon(const char *" path ", security_context_t "con ); -.br + .BI "int fsetfilecon(int "fd ", security_context_t "con ); .SH "DESCRIPTION" Modified: trunk/libselinux/man/man5/selabel_file.5 =================================================================== --- trunk/libselinux/man/man5/selabel_file.5 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man5/selabel_file.5 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,13 +6,13 @@ selabel_file \- userspace SELinux labeling interface: file contexts backend. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/label.h> .sp .BI "int selabel_lookup(struct selabel_handle *" hnd , .in +\w'int selabel_lookup('u .BI "security_context_t *" context , -.br + .BI "const char *" path ", int " mode ");" .SH "DESCRIPTION" Modified: trunk/libselinux/man/man5/selabel_media.5 =================================================================== --- trunk/libselinux/man/man5/selabel_media.5 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man5/selabel_media.5 2007-07-25 14:20:41 UTC (rev 2501) @@ -6,13 +6,13 @@ selabel_media \- userspace SELinux labeling interface: media contexts backend. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/label.h> .sp .BI "int selabel_lookup(struct selabel_handle *" hnd , .in +\w'int selabel_lookup('u .BI "security_context_t *" context , -.br + .BI "const char *" device_name ", int " unused ");" .SH "DESCRIPTION" Modified: trunk/libselinux/man/man5/selabel_x.5 =================================================================== --- trunk/libselinux/man/man5/selabel_x.5 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man5/selabel_x.5 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -6,13 +6,13 @@ selabel_x \- userspace SELinux labeling interface: X Window System contexts backend. .SH "SYNOPSIS" .B #include <selinux/selinux.h> -.br + .B #include <selinux/label.h> .sp .BI "int selabel_lookup(struct selabel_handle *" hnd , .in +\w'int selabel_lookup('u .BI "security_context_t *" context , -.br + .BI "const char *" object_name ", int " object_type ");" .SH "DESCRIPTION" Modified: trunk/libselinux/man/man8/matchpathcon.8 =================================================================== --- trunk/libselinux/man/man8/matchpathcon.8 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man8/matchpathcon.8 2007-07-25 14:20:41 UTC (rev 2501) @@ -10,16 +10,16 @@ .SH OPTIONS .B \-n Do not display path. -.br + .B \-N Do not use translations. -.br + .B \-f file_context_file Use alternate file_context file -.br + .B \-p prefix Use prefix to speed translations -.br + .B \-V Verify file context on disk matches defaults Modified: trunk/libselinux/man/man8/selinux.8 =================================================================== --- trunk/libselinux/man/man8/selinux.8 2007-07-23 17:04:00 UTC (rev 2500) +++ trunk/libselinux/man/man8/selinux.8 2007-07-25 14:20:41 UTC (rev 2501) 
@@ -62,14 +62,13 @@ .B system-config-securitylevel allows customization of these booleans and tunables. -.br Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy. .SH FILE LABELING All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system. Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling. -.br + The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files. .SH AUTHOR This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
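Review bot: Replacing ".br" with an empty line inside the SYNOPSIS prototypes (avc_add_callback.3, avc_has_perm.3, avc_init.3, selabel_lookup.3 and the selabel_*.5 pages) changes the rendering, not just the source: an empty input line in roff produces vertical space, so every parameter of a prototype that is continued under ".in +\w'...'u" will now be separated from the next by a blank line. If the aim is only to remove ".br" for the translation tooling, wrapping each prototype in ".nf" / ".fi" would keep the one-parameter-per-line layout without the extra spacing.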
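Review bot: In getcon.3 and getexeccon.3 the ".br" lines being replaced sit inside the NAME section, so the empty lines now split NAME into separate paragraphs, and the later entries ("getpeercon - get security context of a peer socket.", "setcon - set current security context of a process.") use a bare "-" where the first entry uses "\-". Please keep NAME as a single paragraph, or at least write "\-" on every entry, so the section stays in the "name \- description" form.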
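Review bot: The selabel_stats.3 hunk leaves a wrong prototype in its context: the page is named selabel_stats, but the SYNOPSIS line reads .BI "void selabel_lookup(struct selabel_handle *" hnd ");". Since this commit already edits that SYNOPSIS, the function name should be corrected to selabel_stats here rather than carried forward into the translations.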
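Review bot: The selinux.8 hunk (@@ -62,14 +62,13 @@) and the getfilecon.3 hunk (@@ -22,7 +22,6 @@) delete a ".br" without adding the empty line used everywhere else in this patch, so the sentence after it is joined to the preceding text instead of starting on its own line; in selinux.8 the second ".br" in the same hunk does get the empty line. Please make the two cases consistent. The same selinux.8 context also carries the typos "explainging" and "restorcon", which are worth fixing before the text goes to translators.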
From: <ew...@us...> - 2008-06-14 00:06:43
Revision: 2912 http://selinux.svn.sourceforge.net/selinux/?rev=2912&view=rev Author: ewalsh Date: 2008-06-13 17:06:23 -0700 (Fri, 13 Jun 2008) Log Message: ----------- New and updated man pages for AVC, mapping, label. Includes avc_open() call, deprecated avc_init(), selinux_set_mapping(), and new options to the selabel X backend. Revised per comments. Signed-off-by: Eamon Walsh <ew...@ty...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/man/man3/avc_cleanup.3 trunk/libselinux/man/man3/avc_destroy.3 trunk/libselinux/man/man3/avc_init.3 trunk/libselinux/man/man3/avc_reset.3 trunk/libselinux/man/man5/selabel_x.5 Added Paths: ----------- trunk/libselinux/man/man3/avc_open.3 trunk/libselinux/man/man3/selinux_set_mapping.3 Modified: trunk/libselinux/man/man3/avc_cleanup.3 =================================================================== --- trunk/libselinux/man/man3/avc_cleanup.3 2008-06-13 18:38:34 UTC (rev 2911) +++ trunk/libselinux/man/man3/avc_cleanup.3 2008-06-14 00:06:23 UTC (rev 2912) @@ -1 +1 @@ -.so man3/avc_init.3 +.so man3/avc_open.3 Modified: trunk/libselinux/man/man3/avc_destroy.3 =================================================================== --- trunk/libselinux/man/man3/avc_destroy.3 2008-06-13 18:38:34 UTC (rev 2911) +++ trunk/libselinux/man/man3/avc_destroy.3 2008-06-14 00:06:23 UTC (rev 2912) @@ -1 +1 @@ -.so man3/avc_init.3 +.so man3/avc_open.3 Modified: trunk/libselinux/man/man3/avc_init.3 =================================================================== --- trunk/libselinux/man/man3/avc_init.3 2008-06-13 18:38:34 UTC (rev 2911) +++ trunk/libselinux/man/man3/avc_init.3 2008-06-14 00:06:23 UTC (rev 2912) 
@@ -3,7 +3,7 @@ .\" Author: Eamon Walsh (ew...@ty...) 2004 .TH "avc_init" "3" "27 May 2004" "" "SELinux API documentation" .SH "NAME" -avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown. +avc_init - legacy userspace SELinux AVC setup. .SH "SYNOPSIS" .B #include <selinux/selinux.h> 
@@ -18,34 +18,19 @@ .BI "const struct avc_thread_callback *" thread_callbacks , .BI "const struct avc_lock_callback *" lock_callbacks ");" -.in -.sp -.BI "void avc_destroy(void);" -.sp -.BI "int avc_reset(void);" -.sp -.BI "void avc_cleanup(void);" .SH "DESCRIPTION" .B avc_init +is deprecated; please use +.BR avc_open (3) +in conjunction with +.BR selinux_set_callback (3) +in all new code. + +.B avc_init initializes the userspace AVC and must be called before any other AVC operation can be performed. A non-NULL .I msgprefix -will be prepended to all audit messages produced by the userspace AVC. The default is `uavc'. The remaining arguments, if non-NULL, specify callbacks to be used by the userspace AVC. See -.B CALLBACKS -below. +will be prepended to all audit messages produced by the userspace AVC. The default is `uavc'. The remaining arguments, if non-NULL, specify callbacks to be used by the userspace AVC. -.B avc_destroy -destroys the userspace AVC, freeing all internal memory structures. After this call has been made, -.B avc_init -must be called again before any AVC operations can be performed. - -.B avc_reset -flushes the userspace AVC, causing it to forget any cached access decisions. The userspace AVC normally calls this function automatically when needed, see -.B NETLINK NOTIFICATION -below. - -.B avc_cleanup -forces the userspace AVC to search for and free all unused SID's and any access decision entries that refer to them. Normally, the userspace AVC lazily reclaims unused SID's. - .SH "CALLBACKS" The userspace AVC can be directed how to perform memory allocation, logging, thread creation, and locking via callback functions passed to .BR avc_init . 
@@ -204,10 +189,7 @@ Eamon Walsh <ew...@ty...> .SH "SEE ALSO" -.BR avc_has_perm (3), -.BR avc_context_to_sid (3), -.BR avc_cache_stats (3), -.BR avc_add_callback (3), -.BR security_compute_av (3) +.BR avc_open (3), +.BR selinux_set_callback (3), .BR selinux (8) Added: trunk/libselinux/man/man3/avc_open.3 =================================================================== --- trunk/libselinux/man/man3/avc_open.3 (rev 0) +++ trunk/libselinux/man/man3/avc_open.3 2008-06-14 00:06:23 UTC (rev 2912) 
@@ -0,0 +1,70 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2008 +.TH "avc_open" "3" "12 Jun 2008" "" "SELinux API documentation" +.SH "NAME" +avc_open, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> + +.B #include <selinux/avc.h> +.sp +.BI "int avc_open(struct selinux_opt *" options ", unsigned " nopt ");" +.sp +.BI "void avc_destroy(void);" +.sp +.BI "int avc_reset(void);" +.sp +.BI "void avc_cleanup(void);" +.SH "DESCRIPTION" +.B avc_open +initializes the userspace AVC and must be called before any other AVC operation can be performed. + +.B avc_destroy +destroys the userspace AVC, freeing all internal memory structures. After this call has been made, +.B avc_open +must be called again before any AVC operations can be performed. + +.B avc_reset +flushes the userspace AVC, causing it to forget any cached access decisions. The userspace AVC normally calls this function automatically when needed, see +.B NETLINK NOTIFICATION +below. + +.B avc_cleanup +forces the userspace AVC to search for and free all unused SID's and any access decision entries that refer to them. Normally, the userspace AVC lazily reclaims unused SID's. + +.SH "OPTIONS" +The userspace AVC obeys callbacks set via +.BR selinux_set_callback (3), +in particular the logging and audit callbacks. + +The options which may be passed to +.B avc_open +include the following: + +.TP +.B AVC_OPT_SETENFORCE +This option forces the userspace AVC into enforcing mode if the option value is non-NULL; permissive mode otherwise. The system enforcing mode will be ignored. + +.SH "NETLINK NOTIFICATION" +Beginning with version 2.6.4, the Linux kernel supports SELinux status change notification via netlink. Two message types are currently implemented, indicating changes to the enforcing mode and to the loaded policy in the kernel, respectively. 
The userspace AVC listens for these messages and takes the appropriate action, modifying the behavior of +.BR avc_has_perm (3) +to reflect the current enforcing mode and flushing the cache on receipt of a policy load notification. Audit messages are produced when netlink notifications are processed. + +.SH "RETURN VALUE" +Functions with a return value return zero on success. On error, \-1 is returned and +.I errno +is set appropriately. + +.SH "AUTHOR" +Eamon Walsh <ew...@ty...> + +.SH "SEE ALSO" +.BR selinux (8), +.BR avc_has_perm (3), +.BR avc_context_to_sid (3), +.BR avc_cache_stats (3), +.BR avc_add_callback (3), +.BR selinux_set_callback (3), +.BR security_compute_av (3) + Modified: trunk/libselinux/man/man3/avc_reset.3 =================================================================== --- trunk/libselinux/man/man3/avc_reset.3 2008-06-13 18:38:34 UTC (rev 2911) +++ trunk/libselinux/man/man3/avc_reset.3 2008-06-14 00:06:23 UTC (rev 2912) @@ -1 +1 @@ -.so man3/avc_init.3 +.so man3/avc_open.3 Added: trunk/libselinux/man/man3/selinux_set_mapping.3 =================================================================== --- trunk/libselinux/man/man3/selinux_set_mapping.3 (rev 0) +++ trunk/libselinux/man/man3/selinux_set_mapping.3 2008-06-14 00:06:23 UTC (rev 2912) 
@@ -0,0 +1,87 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2008 +.TH "selinux_set_mapping" "3" "12 Jun 2008" "" "SELinux API documentation" +.SH "NAME" +selinux_set_mapping \- establish dynamic object class and permission mapping. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.sp +.nf +struct security_class_mapping { + const char *name; + const char *perms[]; +}; +.fi +.sp +.BI "int selinux_set_mapping(struct security_class_mapping *" map ");" + +.SH "DESCRIPTION" +.B selinux_set_mapping +establishes a mapping from a user-provided ordering of object classes and permissions to the numbers actually used by the loaded system policy. Use of this function is highly preferred over the generated constants in the libselinux header files, as this method allows the policy's class and permission values to change over time. + +After the mapping is established, all libselinux functions that operate on class and permission values take the user-provided numbers, which are determined as follows: + +The +.I map +argument consists of an array of +.B security_class_mapping +structures, which must be terminated by a structure having a NULL name field. Except for this last structure, the +.I name +field should refer to the string name of an object class, and the corresponding +.I perms +field should refer to an array of permission bit names terminated by a NULL string. + +The object classes named in the mapping and the bit indexes of each set of permission bits named in the mapping are numbered in order starting from 1. These numbers are the values that should be passed to subsequent libselinux calls. + +.SH "RETURN VALUE" +Zero is returned on success. On error, -1 is returned and +.I errno +is set appropriately. + +.SH "ERRORS" +.TP +.B EINVAL +One of the class or permission names requested in the mapping is not present in the loaded policy. +.TP +.B ENOMEM +An attempt to allocate memory failed. 
+ +.SH "EXAMPLE" +.RS +.ta 4n 10n +.nf +struct security_class_mapping map[] = { + { "file", { "create", "unlink", "read", "write", NULL } }, + { "socket", { "bind", NULL } }, + { "process", { "signal", NULL } }, + { NULL } +}; + +if (selinux_set_mapping(map) < 0) + exit(1); +.fi +.ta +.RE + +In this example, after the call has succeeded, classes +.BR file , +.BR socket , +and +.B process +will be identified by 1, 2 and 3, respectively. Permissions +.IR create , +.IR unlink , +.IR read , +and +.I write +(for the +.B file +class) will be identified by 1, 2, 4, and 8 respectively. Classes and permissions not listed in the mapping cannot be used. + +.SH "AUTHOR" +Eamon Walsh <ew...@ty...> + +.SH "SEE ALSO" +.BR avc_open (8), +.BR selinux (8) Modified: trunk/libselinux/man/man5/selabel_x.5 =================================================================== --- trunk/libselinux/man/man5/selabel_x.5 2008-06-13 18:38:34 UTC (rev 2911) +++ trunk/libselinux/man/man5/selabel_x.5 2008-06-14 00:06:23 UTC (rev 2912) @@ -27,15 +27,39 @@ .I object_name argument specifies the name of a window property, such as "WM_NAME". .TP +.B SELABEL_X_SELN +The +.I object_name +argument specifies the name of a selection, such as "PRIMARY". +.TP .B SELABEL_X_EXT The .I object_name argument specifies the name of a protocol extension, such as "RENDER". .TP +.B SELABEL_X_EVENT +The +.I object_name +argument specifies the name of an event type, such as "X11:ButtonPress". +.TP .B SELABEL_X_CLIENT The .I object_name argument is ignored and should be set to NULL. The default context for labeling remote X clients is returned. +.TP +.B SELABEL_X_POLYPROP +Like +.BR SELABEL_X_PROP , +but checks if the property was marked as being polyinstantiated. See +.B NOTES +below. +.TP +.B SELABEL_X_POLYSELN +Like +.BR SELABEL_X_SELN , +but checks if the selection was marked as being polyinstantiated. See +.B NOTES +below. .SH "OPTIONS" In addition to the global options described in 
@@ -46,6 +70,9 @@ .B SELABEL_OPT_PATH A non-null value for this option specifies a path to a file that will be opened in lieu of the standard X contexts file. +.SH "NOTES" +Properties and selections are marked as either polyinstantiated or not. For these name types, the "POLY" option searches only the names marked as being polyinstantiated, while the other option searches only the names marked as not being polyinstantiated. Users of the interface should check both mappings, optionally taking action based on the result (e.g. polyinstantiating the object). + .SH "SEE ALSO" .BR selabel_open (3), .BR selabel_lookup (3), This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
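Review bot: the new NAME line in avc_init.3, "avc_init - legacy userspace SELinux AVC setup.", uses a bare "-" where the line it replaces, and the NAME lines of avc_open.3 and selinux_set_mapping.3 added in this same commit, use "\-". Keep the escaped form so the NAME sections stay consistent across the pages.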
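Review bot: in avc_open.3 the AVC_OPT_SETENFORCE entry says "The system enforcing mode will be ignored", while NETLINK NOTIFICATION further down says the userspace AVC changes avc_has_perm(3) "to reflect the current enforcing mode" when a notification arrives. The page should state which one wins when the option is set, because an object manager that forces enforcing mode needs to know whether a later system-wide mode change can still switch it to permissive. DESCRIPTION also never explains the "options" and "nopt" arguments shown in the SYNOPSIS; one sentence saying what they are and whether an empty option list is accepted would close that gap.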
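Review bot: SEE ALSO in selinux_set_mapping.3 cites ".BR avc_open (8),", but the page added in this same commit is man3/avc_open.3, so the reference should read "avc_open (3)". In DESCRIPTION, "numbered in order starting from 1" is applied to both classes and permission bit indexes, yet the EXAMPLE text gives the file permissions as 1, 2, 4, and 8; say explicitly that classes get 1, 2, 3 and permissions get successive bit values. The SYNOPSIS declares "const char *perms[];", a flexible array member, which standard C does not allow in elements of an array such as "map[]" in the EXAMPLE, so the declaration shown should carry the array bound the header really uses.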
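Review bot: the NOTES paragraph added to selabel_x.5 speaks of 'the "POLY" option' and "the other option", but SELABEL_X_POLYPROP and SELABEL_X_POLYSELN are object_type values, and the page already has an OPTIONS section that covers SELABEL_OPT_PATH. Call them object types in NOTES to avoid the clash. Since callers are told they "should check both mappings", it would also help to state what a lookup returns when the name exists only in the other set, so callers can tell that apart from a name that is not listed at all.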