|
 |
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/fgetfilecon.3 libselinux-2.0.71/man/man3/fgetfilecon.3
|
|
|
ac4e772 |
--- nsalibselinux/man/man3/fgetfilecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
15c5a62 |
+++ libselinux-2.0.71/man/man3/fgetfilecon.3 2008-09-09 16:21:46.000000000 -0400
|
|
|
ac4e772 |
@@ -0,0 +1 @@
|
|
|
ac4e772 |
+.so man3/getfilecon.3
|
|
|
15c5a62 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getkeycreatecon.3 libselinux-2.0.71/man/man3/getkeycreatecon.3
|
|
|
15c5a62 |
--- nsalibselinux/man/man3/getkeycreatecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
15c5a62 |
+++ libselinux-2.0.71/man/man3/getkeycreatecon.3 2008-09-09 16:21:49.000000000 -0400
|
|
|
15c5a62 |
@@ -0,0 +1,38 @@
|
|
|
15c5a62 |
+.TH "getkeycreatecon" "3" "9 September 2008" "dwalsh@redhat.com from russell@coker.com.au" "SELinux API documentation"
|
|
|
15c5a62 |
+.SH "NAME"
|
|
|
15c5a62 |
+getkeycreatecon, setkeycreatecon \- get or set the SELinux security context used for creating a new kernel keyrings.
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+.SH "SYNOPSIS"
|
|
|
15c5a62 |
+.B #include <selinux/selinux.h>
|
|
|
15c5a62 |
+.sp
|
|
|
15c5a62 |
+.BI "int getkeycreatecon(security_context_t *" con );
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+.BI "int setkeycreatecon(security_context_t "context );
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+.SH "DESCRIPTION"
|
|
|
15c5a62 |
+.B getkeycreatecon
|
|
|
15c5a62 |
+retrieves the context used for creating a new kernel keyring.
|
|
|
15c5a62 |
+This returned context should be freed with freecon if non-NULL.
|
|
|
15c5a62 |
+getkeycreatecon sets *con to NULL if no keycreate context has been explicitly
|
|
|
15c5a62 |
+set by the program (i.e. using the default policy behavior).
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+.B setkeycreatecon
|
|
|
15c5a62 |
+sets the context used for creating a new kernel keyring.
|
|
|
15c5a62 |
+NULL can be passed to
|
|
|
15c5a62 |
+setkeycreatecon to reset to the default policy behavior.
|
|
|
15c5a62 |
+The keycreate context is automatically reset after the next execve, so a
|
|
|
15c5a62 |
+program doesn't need to explicitly sanitize it upon startup.
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+setkeycreatecon can be applied prior to library
|
|
|
15c5a62 |
+functions that internally perform an file creation,
|
|
|
15c5a62 |
+in order to set an file context on the objects.
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+Note: Signal handlers that perform an setkeycreate must take care to
|
|
|
15c5a62 |
+save, reset, and restore the keycreate context to avoid unexpected behavior.
|
|
|
15c5a62 |
+.SH "RETURN VALUE"
|
|
|
15c5a62 |
+On error -1 is returned.
|
|
|
15c5a62 |
+On success 0 is returned.
|
|
|
15c5a62 |
+
|
|
|
15c5a62 |
+.SH "SEE ALSO"
|
|
|
15c5a62 |
+.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/lgetfilecon.3 libselinux-2.0.71/man/man3/lgetfilecon.3
|
|
|
ac4e772 |
--- nsalibselinux/man/man3/lgetfilecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
15c5a62 |
+++ libselinux-2.0.71/man/man3/lgetfilecon.3 2008-09-09 16:21:46.000000000 -0400
|
|
|
ac4e772 |
@@ -0,0 +1 @@
|
|
|
ac4e772 |
+.so man3/getfilecon.3
|
|
|
15c5a62 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setkeycreatecon.3 libselinux-2.0.71/man/man3/setkeycreatecon.3
|
|
|
15c5a62 |
--- nsalibselinux/man/man3/setkeycreatecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
15c5a62 |
+++ libselinux-2.0.71/man/man3/setkeycreatecon.3 2008-09-09 16:22:09.000000000 -0400
|
|
|
15c5a62 |
@@ -0,0 +1 @@
|
|
|
15c5a62 |
+.so man3/getkeycreatecon.3
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.71/man/man8/selinuxconlist.8
|
|
|
792921f |
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
|
|
|
15c5a62 |
+++ libselinux-2.0.71/man/man8/selinuxconlist.8 2008-09-09 16:21:46.000000000 -0400
|
|
|
792921f |
@@ -0,0 +1,18 @@
|
|
|
792921f |
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
792921f |
+.SH "NAME"
|
|
|
792921f |
+selinuxconlist \- list all SELinux context reachable for user
|
|
|
792921f |
+.SH "SYNOPSIS"
|
|
|
792921f |
+.B selinuxconlist [-l level] user [context]
|
|
|
792921f |
+
|
|
|
792921f |
+.SH "DESCRIPTION"
|
|
|
792921f |
+.B selinuxconlist
|
|
|
792921f |
+reports the list of context reachable for user from the current context or specified context
|
|
|
792921f |
+
|
|
|
792921f |
+.B \-l level
|
|
|
792921f |
+mcs/mls level
|
|
|
792921f |
+
|
|
|
792921f |
+.SH AUTHOR
|
|
|
792921f |
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
792921f |
+
|
|
|
792921f |
+.SH "SEE ALSO"
|
|
|
792921f |
+secon(8), selinuxdefcon(8)
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.71/man/man8/selinuxdefcon.8
|
|
|
792921f |
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
|
|
|
15c5a62 |
+++ libselinux-2.0.71/man/man8/selinuxdefcon.8 2008-09-09 16:21:46.000000000 -0400
|
|
|
792921f |
@@ -0,0 +1,19 @@
|
|
|
792921f |
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
792921f |
+.SH "NAME"
|
|
|
792921f |
+selinuxdefcon \- list default SELinux context for user
|
|
|
792921f |
+
|
|
|
792921f |
+.SH "SYNOPSIS"
|
|
|
792921f |
+.B selinuxdefcon [-l level] user [fromcon]
|
|
|
792921f |
+
|
|
|
792921f |
+.SH "DESCRIPTION"
|
|
|
792921f |
+.B seconlist
|
|
|
792921f |
+reports the default context for the specified user from current context or specified context
|
|
|
792921f |
+
|
|
|
792921f |
+.B \-l level
|
|
|
792921f |
+mcs/mls level
|
|
|
792921f |
+
|
|
|
792921f |
+.SH AUTHOR
|
|
|
792921f |
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
792921f |
+
|
|
|
792921f |
+.SH "SEE ALSO"
|
|
|
792921f |
+secon(8), selinuxconlist(8)
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.71/src/callbacks.c
|
|
|
ac4e772 |
--- nsalibselinux/src/callbacks.c 2008-08-28 09:34:24.000000000 -0400
|
|
|
15c5a62 |
+++ libselinux-2.0.71/src/callbacks.c 2008-09-09 16:21:46.000000000 -0400
|
|
|
d0a06b2 |
@@ -16,6 +16,7 @@
|
|
|
ee77868 |
{
|
|
|
d0a06b2 |
int rc;
|
|
|
d0a06b2 |
va_list ap;
|
|
|
d0a06b2 |
+ if (is_selinux_enabled() == 0) return 0;
|
|
|
d0a06b2 |
va_start(ap, fmt);
|
|
|
d0a06b2 |
rc = vfprintf(stderr, fmt, ap);
|
|
|
d0a06b2 |
va_end(ap);
|
|
|
ac4e772 |
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.71/src/matchpathcon.c
|
|
|
ac4e772 |
--- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
|
|
|
15c5a62 |
+++ libselinux-2.0.71/src/matchpathcon.c 2008-09-09 16:21:46.000000000 -0400
|
|
|
71cd138 |
@@ -2,6 +2,7 @@
|
|
|
71cd138 |
#include <string.h>
|
|
|
71cd138 |
#include <errno.h>
|
|
|
71cd138 |
#include <stdio.h>
|
|
|
71cd138 |
+#include <syslog.h>
|
|
|
71cd138 |
#include "selinux_internal.h"
|
|
|
71cd138 |
#include "label_internal.h"
|
|
|
71cd138 |
#include "callbacks.h"
|
|
|
0fa749d |
@@ -57,7 +58,7 @@
|
|
|
71cd138 |
{
|
|
|
71cd138 |
va_list ap;
|
|
|
71cd138 |
va_start(ap, fmt);
|
|
|
71cd138 |
- vfprintf(stderr, fmt, ap);
|
|
|
0fa749d |
+ vsyslog(LOG_ERR, fmt, ap);
|
|
|
71cd138 |
va_end(ap);
|
|
|
71cd138 |
}
|
|
|
71cd138 |
|