2008-09-09 18:45:26 +00:00
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/fgetfilecon.3 libselinux-2.0.71/man/man3/fgetfilecon.3
|
|
|
|
--- nsalibselinux/man/man3/fgetfilecon.3 1969-12-31 19:00:00.000000000 -0500
|
2008-09-09 20:24:22 +00:00
|
|
|
+++ libselinux-2.0.71/man/man3/fgetfilecon.3 2008-09-09 16:21:46.000000000 -0400
|
2008-09-09 18:45:26 +00:00
|
|
|
@@ -0,0 +1 @@
|
|
|
|
+.so man3/getfilecon.3
|
2008-09-09 20:24:22 +00:00
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getkeycreatecon.3 libselinux-2.0.71/man/man3/getkeycreatecon.3
|
|
|
|
--- nsalibselinux/man/man3/getkeycreatecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
|
+++ libselinux-2.0.71/man/man3/getkeycreatecon.3 2008-09-09 16:21:49.000000000 -0400
|
|
|
|
@@ -0,0 +1,38 @@
|
|
|
|
+.TH "getkeycreatecon" "3" "9 September 2008" "dwalsh@redhat.com from russell@coker.com.au" "SELinux API documentation"
|
|
|
|
+.SH "NAME"
|
|
|
|
+getkeycreatecon, setkeycreatecon \- get or set the SELinux security context used for creating a new kernel keyrings.
|
|
|
|
+
|
|
|
|
+.SH "SYNOPSIS"
|
|
|
|
+.B #include <selinux/selinux.h>
|
|
|
|
+.sp
|
|
|
|
+.BI "int getkeycreatecon(security_context_t *" con );
|
|
|
|
+
|
|
|
|
+.BI "int setkeycreatecon(security_context_t "context );
|
|
|
|
+
|
|
|
|
+.SH "DESCRIPTION"
|
|
|
|
+.B getkeycreatecon
|
|
|
|
+retrieves the context used for creating a new kernel keyring.
|
|
|
|
+This returned context should be freed with freecon if non-NULL.
|
|
|
|
+getkeycreatecon sets *con to NULL if no keycreate context has been explicitly
|
|
|
|
+set by the program (i.e. using the default policy behavior).
|
|
|
|
+
|
|
|
|
+.B setkeycreatecon
|
|
|
|
+sets the context used for creating a new kernel keyring.
|
|
|
|
+NULL can be passed to
|
|
|
|
+setkeycreatecon to reset to the default policy behavior.
|
|
|
|
+The keycreate context is automatically reset after the next execve, so a
|
|
|
|
+program doesn't need to explicitly sanitize it upon startup.
|
|
|
|
+
|
|
|
|
+setkeycreatecon can be applied prior to library
|
|
|
|
+functions that internally perform an file creation,
|
|
|
|
+in order to set an file context on the objects.
|
|
|
|
+
|
|
|
|
+
|
|
|
|
+Note: Signal handlers that perform an setkeycreate must take care to
|
|
|
|
+save, reset, and restore the keycreate context to avoid unexpected behavior.
|
|
|
|
+.SH "RETURN VALUE"
|
|
|
|
+On error -1 is returned.
|
|
|
|
+On success 0 is returned.
|
|
|
|
+
|
|
|
|
+.SH "SEE ALSO"
|
|
|
|
+.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"
|
2008-09-09 18:45:26 +00:00
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/lgetfilecon.3 libselinux-2.0.71/man/man3/lgetfilecon.3
|
|
|
|
--- nsalibselinux/man/man3/lgetfilecon.3 1969-12-31 19:00:00.000000000 -0500
|
2008-09-09 20:24:22 +00:00
|
|
|
+++ libselinux-2.0.71/man/man3/lgetfilecon.3 2008-09-09 16:21:46.000000000 -0400
|
2008-09-09 18:45:26 +00:00
|
|
|
@@ -0,0 +1 @@
|
|
|
|
+.so man3/getfilecon.3
|
2008-09-09 20:24:22 +00:00
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/setkeycreatecon.3 libselinux-2.0.71/man/man3/setkeycreatecon.3
|
|
|
|
--- nsalibselinux/man/man3/setkeycreatecon.3 1969-12-31 19:00:00.000000000 -0500
|
|
|
|
+++ libselinux-2.0.71/man/man3/setkeycreatecon.3 2008-09-09 16:22:09.000000000 -0400
|
|
|
|
@@ -0,0 +1 @@
|
|
|
|
+.so man3/getkeycreatecon.3
|
2008-09-09 18:45:26 +00:00
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxconlist.8 libselinux-2.0.71/man/man8/selinuxconlist.8
|
2008-05-07 17:34:12 +00:00
|
|
|
--- nsalibselinux/man/man8/selinuxconlist.8 1969-12-31 19:00:00.000000000 -0500
|
2008-09-09 20:24:22 +00:00
|
|
|
+++ libselinux-2.0.71/man/man8/selinuxconlist.8 2008-09-09 16:21:46.000000000 -0400
|
2008-05-07 17:34:12 +00:00
|
|
|
@@ -0,0 +1,18 @@
|
|
|
|
+.TH "selinuxconlist" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
|
+.SH "NAME"
|
|
|
|
+selinuxconlist \- list all SELinux context reachable for user
|
|
|
|
+.SH "SYNOPSIS"
|
|
|
|
+.B selinuxconlist [-l level] user [context]
|
|
|
|
+
|
|
|
|
+.SH "DESCRIPTION"
|
|
|
|
+.B selinuxconlist
|
|
|
|
+reports the list of context reachable for user from the current context or specified context
|
|
|
|
+
|
|
|
|
+.B \-l level
|
|
|
|
+mcs/mls level
|
|
|
|
+
|
|
|
|
+.SH AUTHOR
|
|
|
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
|
+
|
|
|
|
+.SH "SEE ALSO"
|
|
|
|
+secon(8), selinuxdefcon(8)
|
2008-09-09 18:45:26 +00:00
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/selinuxdefcon.8 libselinux-2.0.71/man/man8/selinuxdefcon.8
|
2008-05-07 17:34:12 +00:00
|
|
|
--- nsalibselinux/man/man8/selinuxdefcon.8 1969-12-31 19:00:00.000000000 -0500
|
2008-09-09 20:24:22 +00:00
|
|
|
+++ libselinux-2.0.71/man/man8/selinuxdefcon.8 2008-09-09 16:21:46.000000000 -0400
|
2008-05-07 17:34:12 +00:00
|
|
|
@@ -0,0 +1,19 @@
|
|
|
|
+.TH "selinuxdefcon" "1" "7 May 2008" "dwalsh@redhat.com" "SELinux Command Line documentation"
|
|
|
|
+.SH "NAME"
|
|
|
|
+selinuxdefcon \- list default SELinux context for user
|
|
|
|
+
|
|
|
|
+.SH "SYNOPSIS"
|
|
|
|
+.B selinuxdefcon [-l level] user [fromcon]
|
|
|
|
+
|
|
|
|
+.SH "DESCRIPTION"
|
|
|
|
+.B seconlist
|
|
|
|
+reports the default context for the specified user from current context or specified context
|
|
|
|
+
|
|
|
|
+.B \-l level
|
|
|
|
+mcs/mls level
|
|
|
|
+
|
|
|
|
+.SH AUTHOR
|
|
|
|
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
|
+
|
|
|
|
+.SH "SEE ALSO"
|
|
|
|
+secon(8), selinuxconlist(8)
|
2008-09-09 18:45:26 +00:00
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/callbacks.c libselinux-2.0.71/src/callbacks.c
|
|
|
|
--- nsalibselinux/src/callbacks.c 2008-08-28 09:34:24.000000000 -0400
|
2008-09-09 20:24:22 +00:00
|
|
|
+++ libselinux-2.0.71/src/callbacks.c 2008-09-09 16:21:46.000000000 -0400
|
2008-07-29 13:22:45 +00:00
|
|
|
@@ -16,6 +16,7 @@
|
2008-07-09 20:57:21 +00:00
|
|
|
{
|
2008-07-29 13:22:45 +00:00
|
|
|
int rc;
|
|
|
|
va_list ap;
|
|
|
|
+ if (is_selinux_enabled() == 0) return 0;
|
|
|
|
va_start(ap, fmt);
|
|
|
|
rc = vfprintf(stderr, fmt, ap);
|
|
|
|
va_end(ap);
|
2008-09-09 18:45:26 +00:00
|
|
|
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.71/src/matchpathcon.c
|
|
|
|
--- nsalibselinux/src/matchpathcon.c 2008-08-28 09:34:24.000000000 -0400
|
2008-09-09 20:24:22 +00:00
|
|
|
+++ libselinux-2.0.71/src/matchpathcon.c 2008-09-09 16:21:46.000000000 -0400
|
2007-09-18 15:37:42 +00:00
|
|
|
@@ -2,6 +2,7 @@
|
|
|
|
#include <string.h>
|
|
|
|
#include <errno.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
+#include <syslog.h>
|
|
|
|
#include "selinux_internal.h"
|
|
|
|
#include "label_internal.h"
|
|
|
|
#include "callbacks.h"
|
2007-09-18 20:44:47 +00:00
|
|
|
@@ -57,7 +58,7 @@
|
2007-09-18 15:37:42 +00:00
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
va_start(ap, fmt);
|
|
|
|
- vfprintf(stderr, fmt, ap);
|
2007-09-18 20:44:47 +00:00
|
|
|
+ vsyslog(LOG_ERR, fmt, ap);
|
2007-09-18 15:37:42 +00:00
|
|
|
va_end(ap);
|
|
|
|
}
|
|
|
|
|