--- libselinux-1.19.1/include/selinux/selinux.h.rhat	2004-11-09 09:14:24.000000000 -0500

+++ libselinux-1.19.1/include/selinux/selinux.h	2004-11-19 11:21:37.514236820 -0500

@@ -176,7 +176,7 @@

 /* Match the specified media and against the media contexts 

    configuration and set *con to refer to the resulting context.

    Caller must free con via freecon. */

-extern int matchmediacon(const char *path,

+extern int matchmediacon(const char *media,

 		 security_context_t *con);

 /*

--- libselinux-1.19.1/utils/setsebool.c.rhat	2004-11-09 09:14:24.000000000 -0500

+++ libselinux-1.19.1/utils/setsebool.c	2004-11-19 11:21:37.560231630 -0500

@@ -35,6 +35,8 @@

 	if (strcmp(argv[1], "-P") == 0) {

 		permanent = 1;

+		if (argc < 3) 

+			usage();

 		start = 2;

 	}

 	else

--- libselinux-1.19.1/utils/getsebool.c.rhat	2004-11-09 09:14:24.000000000 -0500

+++ libselinux-1.19.1/utils/getsebool.c	2004-11-19 11:21:37.559231743 -0500

@@ -83,8 +83,14 @@

 			rc = -1;

 			goto out;

 		}

-		printf("%s --> active: %d pending: %d\n", names[i],

-		       active, pending);

+		if (pending != active) {

+			printf("%s --> %s pending: %s\n", names[i],

+			       ( active ? "active" : "inactive"),

+			       ( pending ? "active" : "inactive"));

+		} else {

+			printf("%s --> %s\n", names[i],

+			       ( active ? "active" : "inactive"));

+		}

 	}

 out:

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/utils/avcstat.c	2004-11-19 11:21:37.558231856 -0500

@@ -0,0 +1,224 @@

+/*

+ * avcstat - Display SELinux avc statistics.

+ *

+ * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>

+ *

+ * This program is free software; you can redistribute it and/or modify

+ * it under the terms of the GNU General Public License version 2,

+ * as published by the Free Software Foundation.

+ *

+ */

+#include <stdio.h>

+#include <stdlib.h>

+#include <libgen.h>

+#include <stdarg.h>

+#include <errno.h>

+#include <string.h>

+#include <fcntl.h>

+#include <unistd.h>

+#include <signal.h>

+#include <sys/types.h>

+#include <sys/stat.h>

+#include <sys/ioctl.h>

+#include <linux/limits.h>

+

+#define DEF_STAT_FILE	"/avc/cache_stats"

+#define DEF_BUF_SIZE	8192

+#define HEADERS		"lookups hits misses allocations reclaims frees"

+

+struct avc_cache_stats {

+	unsigned int lookups;

+	unsigned int hits;

+	unsigned int misses;

+	unsigned int allocations;

+	unsigned int reclaims;

+	unsigned int frees;

+};

+

+static int interval;

+static int rows;

+static char *progname;

+static char buf[DEF_BUF_SIZE];

+

+/* selinuxfs mount point */

+extern char *selinux_mnt;

+

+

+static void die(const char *msg, ...)

+{

+	va_list args;

+	

+	fputs("ERROR: ", stderr);

+	

+	va_start(args, msg);

+	vfprintf(stderr, msg, args);

+	va_end(args);

+	

+	if (errno)

+		fprintf(stderr, ": %s", strerror(errno));

+		

+	fputc('\n', stderr);

+	exit(1);

+}

+

+static void usage(void)

+{

+	printf("\nUsage: %s [-c] [-f status_file] [interval]\n\n", progname);

+	printf("Display SELinux AVC statistics.  If the interval parameter is specified, the\n");

+	printf("program will loop, displaying updated statistics every \'interval\' seconds.\n");

+	printf("Relative values are displayed by default. Use the -c option to specify the\n");

+	printf("display of cumulative values.  The -f option specifies the location of the\n");

+	printf("AVC statistics file, defaulting to \'%s\%s\'.\n\n", selinux_mnt, DEF_STAT_FILE);

+}

+

+static void set_window_rows(void)

+{

+	int ret;

+	struct winsize ws;

+	

+	ret = ioctl(fileno(stdout), TIOCGWINSZ, &ws);

+	if (ret < 0 || ws.ws_row < 3)

+		ws.ws_row = 24;

+	rows = ws.ws_row;

+}

+

+static void sighandler(int num)

+{

+	if (num == SIGWINCH)

+		set_window_rows();

+}

+

+int main(int argc, char **argv)

+{

+	int fd, i, cumulative = 0;

+	struct sigaction sa;

+	char avcstatfile[PATH_MAX];

+	snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt, DEF_STAT_FILE);

+	progname = basename(argv[0]);

+	

+	while((i = getopt(argc, argv, "cf:h?-")) != -1) {

+		switch (i) {

+		case 'c':

+			cumulative = 1;

+			break;

+		case 'f':

+			strncpy(avcstatfile, optarg, sizeof avcstatfile);

+			break;

+		case 'h':

+		case '-':

+			usage();

+			exit(0);

+		default:

+			usage();

+			die("unrecognized parameter", i);

+		}

+	}

+

+	if (optind < argc) {

+		char *arg = argv[optind];

+		unsigned int n = strtoul(arg, NULL, 10);

+		

+		if (errno == ERANGE) {

+			usage();

+			die("invalid interval \'%s\'", arg);

+		}

+		if (n == 0) {

+			usage();

+			exit (0);

+		}

+		interval = n;

+	}

+	

+	sa.sa_handler = sighandler;

+	sa.sa_flags = SA_RESTART;

+

+	i = sigaction(SIGWINCH, &sa, NULL);

+	if (i < 0)

+		die("sigaction");

+	

+	set_window_rows();

+	fd = open(avcstatfile, O_RDONLY);

+	if (fd < 0)

+		die("open: \'%s\'", avcstatfile);

+	

+	for (i = 0;; i++) {

+		char *line;

+		ssize_t ret, parsed = 0;

+		struct avc_cache_stats tot, rel, last;

+		

+		memset(buf, 0, DEF_BUF_SIZE);

+		ret = read(fd, buf, DEF_BUF_SIZE);

+		if (ret < 0)

+			die("read");

+			

+		if (ret == 0)

+			die("read: \'%s\': unexpected end of file", avcstatfile);

+

+		line = strtok(buf, "\n");

+		if (!line)

+			die("unable to parse \'%s\': end of line not found", avcstatfile); 

+

+		if (strcmp(line, HEADERS))

+			die("unable to parse \'%s\': invalid headers", avcstatfile);

+

+		if (!i || !(i % (rows - 2)))

+			printf("%10s %10s %10s %10s %10s %10s\n", "lookups",

+			       "hits", "misses", "allocs", "reclaims", "frees");

+

+		memset(&tot, 0, sizeof(tot));

+		

+		while ((line = strtok(NULL, "\n"))) {

+			struct avc_cache_stats tmp;

+			

+			ret = sscanf(line, "%u %u %u %u %u %u",

+				     &tmp.lookups,

+				     &tmp.hits,

+				     &tmp.misses,

+				     &tmp.allocations,

+				     &tmp.reclaims,

+				     &tmp.frees);

+			if (ret != 6)

+				die("unable to parse \'%s\': scan error", avcstatfile);

+			

+			tot.lookups += tmp.lookups;

+			tot.hits += tmp.hits;

+			tot.misses += tmp.misses;

+			tot.allocations += tmp.allocations;

+			tot.reclaims += tmp.reclaims;

+			tot.frees += tmp.frees;

+			parsed = 1;

+		}

+

+		if (!parsed)

+			die("unable to parse \'%s\': no data", avcstatfile);

+

+		if (cumulative || (!cumulative && !i))

+			printf("%10u %10u %10u %10u %10u %10u\n",

+			       tot.lookups, tot.hits, tot.misses,

+			       tot.allocations, tot.reclaims, tot.frees);

+		else {

+			rel.lookups = tot.lookups - last.lookups;

+			rel.hits = tot.hits - last.hits;

+			rel.misses = tot.misses - last.misses;

+			rel.allocations = tot.allocations - last.allocations;

+			rel.reclaims = tot.reclaims - last.reclaims;

+			rel.frees = tot.frees - last.frees;

+			printf("%10u %10u %10u %10u %10u %10u\n",

+			       rel.lookups, rel.hits, rel.misses,

+			       rel.allocations, rel.reclaims, rel.frees);

+		}

+		

+		if (!interval)

+			break;

+

+		memcpy(&last, &tot, sizeof(last));

+		sleep(interval);

+

+		ret = lseek(fd, 0, 0);

+		if (ret < 0)

+			die("lseek");

+	}

+

+	close(fd);

+	return 0;

+}

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/rpm_execcon.3	2004-11-19 11:21:37.534234563 -0500

@@ -0,0 +1 @@

+.so man3/getexeccon.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/selinux_media_context_path.3	2004-11-19 11:21:37.551232645 -0500

@@ -0,0 +1 @@

+.so man3/selinux_binary_policy_path.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/context_user_get.3	2004-11-19 11:21:37.524235691 -0500

@@ -0,0 +1 @@

+.so man3/context_new.3

--- libselinux-1.19.1/man/man3/getcon.3.rhat	2004-11-09 09:14:24.000000000 -0500

+++ libselinux-1.19.1/man/man3/getcon.3	2004-11-19 11:21:37.526235466 -0500

@@ -8,7 +8,9 @@

 .br 

 .BI "int getprevcon(security_context_t *" context );

 .br

-.BI "int getpidcon(pid_t pid, security_context_t *" context );

+.BI "int getpidcon(pid_t " pid ", security_context_t *" context );

+.br

+.BI "int getpeercon(int " fd ", security_context_t *" context);

 .SH "DESCRIPTION"

 .B getcon

@@ -21,6 +23,9 @@

 .B getpidcon

 returns the process context for the specified PID.

+.B getpeercon

+retrieves context of peer socket, and set *context to refer to it, which must be free'd with freecon.

+

 .SH "RETURN VALUE"

 On error -1 is returned.  On success 0 is returned.

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/context_user_set.3	2004-11-19 11:21:37.525235579 -0500

@@ -0,0 +1 @@

+.so man3/context_new.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/getpeercon.3	2004-11-19 11:21:37.530235014 -0500

@@ -0,0 +1 @@

+.so man3/getcon.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/context_type_set.3	2004-11-19 11:21:37.523235804 -0500

@@ -0,0 +1 @@

+.so man3/context_new.3

--- libselinux-1.19.1/man/man3/get_ordered_context_list.3.rhat	2004-11-09 09:14:24.000000000 -0500

+++ libselinux-1.19.1/man/man3/get_ordered_context_list.3	2004-11-19 11:29:45.211209677 -0500

@@ -1,6 +1,6 @@

 .TH "get_ordered_context_list" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation"

 .SH "NAME"

-get_ordered_context_list, get_default_context, query_user_context \- determine context(s) for user login sessions

+get_ordered_context_list, get_default_context, get_default_context_with_role, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user login sessions

 .SH "SYNOPSIS"

 .B #include <selinux/selinux.h>

@@ -11,10 +11,13 @@

 .sp

 .BI "int get_default_context(const char *" user ", security_context_t "fromcon ", security_context_t *" newcon );

 .sp

+.BI "int get_default_context_with_role(const char* " user ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon ");

+.sp

 .BI "int query_user_context(security_context_t *" list ", security_context_t *" newcon );

 .sp

 .BI "int manual_user_enter_context(const char *" user ", security_context_t *" newcon );

-

+.sp

+.BI "int get_default_type(const char *" role ", char **" type );

 .SH "DESCRIPTION"

 .B get_ordered_context_list

@@ -31,14 +34,26 @@

 is the same as get_ordered_context_list but only returns a single context

 which has to be freed with freecon.

+.B get_default_context_with_role

+Given a list of authorized security contexts for the user, query the user to select one and set *newcon to refer to it, which has to be freed with freecon.

+

+NOTE get_default_context_with_role is the same as get_default_context

+except that it only returns a context with the specified role, returning

+-1 if no such context is reachable for that user.

+

 .B query_user_context

 takes a list of contexts, queries the user via stdin/stdout as to which context

 they want, and returns a new context as selected by the user (which has to be

 freed with freecon).

 .B manual_user_enter_context

-allows the user to manually enter a context as a fallback if a list of

-authorized contexts could not be obtained. Caller must free via freecon.

+allows the user to manually enter a context as a fallback if a list of authorized contexts could not be obtained. Caller must free via freecon.

+

+.B get_default_type

+Get the default type (domain) for 'role' and set 'type' to refer to it, which has to be freed with free.

+

+.B get_default_context_with_role

+Given a list of authorized security contexts for the user, query the user to select one and set *newcon to refer to it, which has to be freed with freecon.

 .SH "RETURN VALUE"

 0 for success and on error -1 is returned.

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/context_free.3	2004-11-19 11:21:37.515236707 -0500

@@ -0,0 +1 @@

+.so man3/context_new.3

--- libselinux-1.19.1/man/man3/getexeccon.3.rhat	2004-11-09 09:14:24.000000000 -0500

+++ libselinux-1.19.1/man/man3/getexeccon.3	2004-11-19 11:21:37.528235240 -0500

@@ -8,6 +8,8 @@

 .BI "int getexeccon(security_context_t *" context );

 .br 

 .BI "int setexeccon(security_context_t "context );

+.br 

+.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);

 .SH "DESCRIPTION"

 .B getexeccon

@@ -31,6 +33,11 @@

 Note: Signal handlers that perform an execve must take care to

 save, reset, and restore the exec context to avoid unexpected behaviors.

+.br

+

+.B rpm_execcon

+Execute a helper for rpm in an appropriate security context.

+

 .SH "RETURN VALUE"

 On error -1 is returned.

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/context_range_set.3	2004-11-19 11:21:37.519236255 -0500

@@ -0,0 +1 @@

+.so man3/context_new.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/security_commit_booleans.3	2004-11-19 11:21:37.535234450 -0500

@@ -0,0 +1 @@

+.so man3/security_load_booleans.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/security_set_boolean.3	2004-11-19 11:21:37.542233661 -0500

@@ -0,0 +1 @@

+.so man3/security_load_booleans.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/selinux_failsafe_context_path.3	2004-11-19 11:21:37.549232871 -0500

@@ -0,0 +1 @@

+.so man3/selinux_binary_policy_path.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/security_get_boolean_pending.3	2004-11-19 11:21:37.540233886 -0500

@@ -0,0 +1 @@

+.so man3/security_load_booleans.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/context_role_set.3	2004-11-19 11:21:37.521236030 -0500

@@ -0,0 +1 @@

+.so man3/context_new.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/context_range_get.3	2004-11-19 11:21:37.518236368 -0500

@@ -0,0 +1 @@

+.so man3/context_new.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/context_role_get.3	2004-11-19 11:21:37.520236143 -0500

@@ -0,0 +1 @@

+.so man3/context_new.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/security_get_boolean_active.3	2004-11-19 11:21:37.537234225 -0500

@@ -0,0 +1 @@

+.so man3/security_load_booleans.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/selinux_removable_context_path.3	2004-11-19 11:21:37.552232532 -0500

@@ -0,0 +1 @@

+.so man3/selinux_binary_policy_path.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/set_matchpathcon_printf.3	2004-11-19 11:21:37.555232194 -0500

@@ -0,0 +1 @@

+.so man3/matchpathcon.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/context_new.3	2004-11-19 11:23:54.697758320 -0500

@@ -0,0 +1,56 @@

+.TH "context_new" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API documentation"

+.SH "NAME"

+context_new, context_str, context_free, context_type_get, context_type_set, context_range_get, context_range_set,context_role_get, context_role_set, context_user_get, context_user_set \- Routines to manipulate SELinux security contexts

+

+.SH "SYNOPSIS"

+.B #include <selinux/context.h>

+.br 

+.B "context_t context_new(const char *" context_str );

+.br 

+.B "const char * context_str(context_t " con );

+.br 

+.B "void context_free(context_t " con );

+.br 

+.B "const char * context_type_get(context_t " con );

+.br 

+.B "const char * context_range_get(context_t " con );

+.br 

+.B "const char * context_role_get(context_t " con );

+.br 

+.B "const char * context_user_get(context_t " con );

+.br 

+.B "const char * context_type_set(context_t " con ", const char* " type);

+.br 

+.B "const char * context_range_set(context_t " con ", const char* " range);

+.br 

+.B "const char * context_role_set(context_t " con ", const char* " role );

+.br 

+.B "const char * context_user_set(context_t " con ", const char* " user );

+

+.SH "DESCRIPTION"

+ Functions to deal with security contexts in user space.

+

+context_new

+ Return a new context initialized to a context string 

+

+context_str

+Return a pointer to the string value of the context_t

+Valid until the next call to context_str or context_free 

+for the same context_t*

+

+context_free

+Free the storage used by a context

+

+context_type_get, context_range_get, context_role_get, context_user_get

+Get a pointer to the string value of a context component

+

+NOTE: Values returned by the get functions are only valid until the next call 

+to a set function or context_free() for the same context_t structure.

+

+context_type_set, context_range_set, context_role_set, context_user_set

+Set a context component

+

+.SH "RETURN VALUE"

+On success, zero is returned. On failure, -1 is returned and errno is

+set appropriately.

+

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/context_type_get.3	2004-11-19 11:21:37.522235917 -0500

@@ -0,0 +1 @@

+.so man3/context_new.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/security_get_boolean_names.3	2004-11-19 11:21:37.539233999 -0500

@@ -0,0 +1 @@

+.so man3/security_load_booleans.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/selinux_booleans_path.3	2004-11-19 11:21:37.545233322 -0500

@@ -0,0 +1 @@

+.so man3/selinux_binary_policy_path.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/checkPasswdAccess.3	2004-11-19 11:21:37.514236820 -0500

@@ -0,0 +1 @@

+.so man3/security_compute_av.3

--- libselinux-1.19.1/man/man3/security_compute_av.3.rhat	2004-11-09 09:14:24.000000000 -0500

+++ libselinux-1.19.1/man/man3/security_compute_av.3	2004-11-19 11:32:59.943237946 -0500

@@ -15,6 +15,8 @@

 .BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );

 .sp

 .BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con );

+.sp

+.BI "int checkPasswdAccess(access_vector_t " requested );

 .SH "DESCRIPTION"

 .B security_compute_av

@@ -42,6 +44,9 @@

 source context. Is mainly used by

 .B get_ordered_context_list.

+.B checkPasswdAccess

+This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts.

+

 .SH "RETURN VALUE"

 0 for success and on error -1 is returned.

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/selinux_binary_policy_path.3	2004-11-19 11:21:37.544233435 -0500

@@ -0,0 +1,75 @@

+.TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"

+.SH "NAME"

+selinux_binary_policy_path,selinux_failsafe_context_path,selinux_removable_context_path,selinux_default_context_path, selinux_user_contexts_path, selinux_file_context_path, selinux_media_context_path, selinux_contexts_path, selinux_booleans_path

+.sp

+These functions return the paths to specific files under the 

+   policy root directory.

+

+.SH "SYNOPSIS"

+.B #include <selinux/selinux.h>

+.sp

+.br

+extern const char *selinux_binary_policy_path(void);

+.br

+extern const char *selinux_failsafe_context_path(void);

+.br

+extern const char *selinux_removable_context_path(void);

+.br

+extern const char *selinux_default_context_path(void);

+.br

+extern const char *selinux_user_contexts_path(void);

+.br

+extern const char *selinux_file_context_path(void);

+.br

+extern const char *selinux_media_context_path(void);

+.br

+extern const char *selinux_contexts_path(void);

+.br

+extern const char *selinux_booleans_path(void);

+

+

+.SH "DESCRIPTION"

+

+These functions return the paths to specific files under the 

+   policy root directory.

+

+.br

+selinux_binary_policy_path

+.br

+Default Binary Policy

+.sp

+selinux_failsafe_context_path

+.br

+Default failsafe context file

+.sp

+selinux_removable_context_path

+.br

+Default removeable context file

+.sp

+selinux_default_context_path

+.br

+Default context used by login programs and daemons that assume user roles.

+.sp

+selinux_user_contexts_path

+.br

+Default user context file; used by login programs for default login context

+.sp

+selinux_file_context_path

+.br

+Default file context file used restorecon

+.sp

+selinux_media_context_path

+.br

+Default media context file use to set contexts on media devices (cdrom, floppies)

+.sp

+selinux_contexts_path 

+.br 

+Parent directory of context files

+.sp

+selinux_booleans_path

+.br 

+Boolean file path, used by boolean manipulation tools

+

+.SH AUTHOR	

+This manual page was written by Dan Walsh <dwalsh@redhat.com>.

+

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/selinux_contexts_path.3	2004-11-19 11:21:37.546233209 -0500

@@ -0,0 +1 @@

+.so man3/selinux_binary_policy_path.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/selinux_file_context_path.3	2004-11-19 11:21:37.550232758 -0500

@@ -0,0 +1 @@

+.so man3/selinux_binary_policy_path.3

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/matchmediacon.3	2004-11-19 11:32:02.685698348 -0500

@@ -0,0 +1,26 @@

+.TH "matchmediacon" "3" "15 November 2004" "dwalsh@redhat.com" "SE Linux API documentation"

+.SH "NAME"

+matchmediacon \- get the default security context for the specified mediatype from the policy.

+

+.SH "SYNOPSIS"

+.B #include <selinux/selinux.h>

+.sp

+.BI "int matchmediacon(const char *" media ", security_context_t *" con);"

+.br 

+

+.SH "DESCRIPTION"

+.br

+.B matchmediacon 

+matches the specified media type with the media contexts configuration and sets the security context "con" to refer to the resulting context. 

+.sp

+.br

+.B Note: 

+   Caller must free returned security context "con" using freecon.

+.SH "RETURN VALUE"

+Returns 0 on success or -1 otherwise.

+

+.SH Files

+/etc/selinux/POLICYTYPE/contexts/files/media

+

+.SH "SEE ALSO"

+.BR freecon "(3)

--- libselinux-1.19.1/man/man3/matchpathcon.3.rhat	2004-11-09 09:14:24.000000000 -0500

+++ libselinux-1.19.1/man/man3/matchpathcon.3	2004-11-19 11:21:37.533234676 -0500

@@ -5,17 +5,22 @@

 .SH "SYNOPSIS"

 .B #include <selinux/selinux.h>

 .sp

-.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);"

+.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);

 .br 

+.BI "void set_matchpathcon_printf(void (*f)(const char *fmt, ...));"

 .SH "DESCRIPTION"

 .br

 .B matchpathcon 

 matches the specified pathname and mode against the file contexts configuration and sets the security context "con" to refer to the resulting context. "mode" can be 0 to disable mode matching, but should be provided whenever possible, as it may affect the matching.

-.sp

-.br

 .B Note: 

    Caller must free returned security context "con" using freecon.

+

+.B set_matchpathcon_printf

+

+Set the function used by matchpathcon when displaying errors about the file_contexts configuration.  If not set, then this defaults to fprintf(stderr, fmt, ...).

+.sp

+.br

 .SH "RETURN VALUE"

 Returns 0 on success or -1 otherwise.

--- /dev/null	2004-11-19 04:10:22.696886456 -0500

+++ libselinux-1.19.1/man/man3/security_load_booleans.3	2004-11-19 11:35:47.204365772 -0500

@@ -0,0 +1,61 @@

+.TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"

+.SH "NAME"

+security_load_booleans, security_set_boolean, security_commit_booleans, 

+security_get_boolean_names, security_get_boolean_active, security_get_boolean_pending 

+.sp

+routines for manipulating SELinux boolean values

+

+.SH "SYNOPSIS"

+.B #include <selinux/selinux.h>

+.sp

+extern int security_load_booleans(char *path);

+.br

+extern int security_get_boolean_names(char ***names, int *len);

+.br

+extern int security_get_boolean_pending(const char *name);

+.br

+extern int security_get_boolean_active(const char *name);

+.br

+extern int security_set_boolean(const char *name, int value);

+.br

+extern int security_commit_booleans(void);

+

+

+.SH "DESCRIPTION"

+

+The SELinux policy can include conditional rules that are enabled or

+disabled based on the current values of a set of policy booleans.

+These policy booleans allow runtime modification of the security

+policy without having to load a new policy.  

+

+The SELinux API allows for a transaction based update.  So you can set several boolean values and the commit them all at once.

+

+security_load_booleans

+.br

+Load policy boolean settings. Path may be NULL, in which case the booleans are loaded from the active policy boolean configuration file.