2004-11-15 20:05:55 +00:00
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.19.1/include/selinux/selinux.h
--- nsalibselinux/include/selinux/selinux.h 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.19.1/include/selinux/selinux.h 2004-11-15 13:09:00.480224539 -0500
@@ -176,7 +176,7 @@
/* Match the specified media and against the media contexts
configuration and set *con to refer to the resulting context.
Caller must free con via freecon. */
-extern int matchmediacon(const char *path,
+extern int matchmediacon(const char *media,
security_context_t *con);
/*
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/checkPasswdAccess.3 libselinux-1.19.1/man/man3/checkPasswdAccess.3
--- nsalibselinux/man/man3/checkPasswdAccess.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/checkPasswdAccess.3 2004-11-15 15:03:55.190387904 -0500
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_free.3 libselinux-1.19.1/man/man3/context_free.3
--- nsalibselinux/man/man3/context_free.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/context_free.3 2004-11-15 13:52:50.896470350 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_new.3 libselinux-1.19.1/man/man3/context_new.3
--- nsalibselinux/man/man3/context_new.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/context_new.3 2004-11-15 14:57:41.295569385 -0500
@@ -0,0 +1,53 @@
+.TH "context_new" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+context_new, context_str, context_free, context_type_get, context_type_set, context_range_get, context_range_set,context_role_get, context_role_set, context_user_get, context_user_set \- Routines to manipulate SELinux security contexts
+
+.SH "SYNOPSIS"
+.B #include <selinux/context.h>
+.br
+.B "context_t context_new(const char *" context_str );
+.br
+.B "const char * context_str(context_t " con );
+.br
+.B "void context_free(context_t " con );
+.br
+.B "const char * context_type_get(context_t " con );
+.br
+.B "const char * context_range_get(context_t " con );
+.br
+.B "const char * context_role_get(context_t " con );
+.br
+.B "const char * context_user_get(context_t " con );
+.br
+.B "const char * context_type_set(context_t " con ", const char* " type);
+.br
+.B "const char * context_range_set(context_t " con ", const char* " range);
+.br
+.B "const char * context_role_set(context_t " con ", const char* " role );
+.br
+.B "const char * context_user_set(context_t " con ", const char* " user );
+
+.SH "DESCRIPTION"
+ Functions to deal with security contexts in user space.
+
+context_new
+ Return a new context initialized to a context string
+
+context_str
+Return a pointer to the string value of the context_t
+Valid until the next call to context_str or context_free
+for the same context_t*
+
+context_free
+Free the storage used by a context
+
+context_type_get, context_range_get, context_role_get, context_user_get
+Get a pointer to the string value of a context component
+
+context_type_set, context_range_set, context_role_set, context_user_set
+Set a context component
+
+.SH "RETURN VALUE"
+On success, zero is returned. On failure, -1 is returned and errno is
+set appropriately.
+
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_range_get.3 libselinux-1.19.1/man/man3/context_range_get.3
--- nsalibselinux/man/man3/context_range_get.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/context_range_get.3 2004-11-15 13:53:26.882410545 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_range_set.3 libselinux-1.19.1/man/man3/context_range_set.3
--- nsalibselinux/man/man3/context_range_set.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/context_range_set.3 2004-11-15 13:53:29.743087814 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_role_get.3 libselinux-1.19.1/man/man3/context_role_get.3
--- nsalibselinux/man/man3/context_role_get.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/context_role_get.3 2004-11-15 13:53:19.851203781 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_role_set.3 libselinux-1.19.1/man/man3/context_role_set.3
--- nsalibselinux/man/man3/context_role_set.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/context_role_set.3 2004-11-15 13:53:21.655000283 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_type_get.3 libselinux-1.19.1/man/man3/context_type_get.3
--- nsalibselinux/man/man3/context_type_get.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/context_type_get.3 2004-11-15 13:52:56.782806275 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_type_set.3 libselinux-1.19.1/man/man3/context_type_set.3
--- nsalibselinux/man/man3/context_type_set.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/context_type_set.3 2004-11-15 13:52:58.885569049 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_user_get.3 libselinux-1.19.1/man/man3/context_user_get.3
--- nsalibselinux/man/man3/context_user_get.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/context_user_get.3 2004-11-15 13:53:11.683125274 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/context_user_set.3 libselinux-1.19.1/man/man3/context_user_set.3
--- nsalibselinux/man/man3/context_user_set.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/context_user_set.3 2004-11-15 13:53:13.671900908 -0500
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getcon.3 libselinux-1.19.1/man/man3/getcon.3
--- nsalibselinux/man/man3/getcon.3 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.19.1/man/man3/getcon.3 2004-11-15 14:43:27.459896084 -0500
@@ -8,7 +8,9 @@
.br
.BI "int getprevcon(security_context_t *" context );
.br
-.BI "int getpidcon(pid_t pid, security_context_t *" context );
+.BI "int getpidcon(pid_t " pid ", security_context_t *" context );
+.br
+.BI "int getpeercon(int " fd ", security_context_t *" context);
.SH "DESCRIPTION"
.B getcon
@@ -21,6 +23,9 @@
.B getpidcon
returns the process context for the specified PID.
+.B getpeercon
+retrieves context of peer socket, and set *context to refer to it, which must be free'd with freecon.
+
.SH "RETURN VALUE"
On error -1 is returned. On success 0 is returned.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_default_context_with_role.3 libselinux-1.19.1/man/man3/get_default_context_with_role.3
--- nsalibselinux/man/man3/get_default_context_with_role.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/get_default_context_with_role.3 2004-11-15 14:26:16.395217127 -0500
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getexeccon.3 libselinux-1.19.1/man/man3/getexeccon.3
--- nsalibselinux/man/man3/getexeccon.3 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.19.1/man/man3/getexeccon.3 2004-11-15 14:47:55.411666720 -0500
@@ -8,6 +8,8 @@
.BI "int getexeccon(security_context_t *" context );
.br
.BI "int setexeccon(security_context_t "context );
+.br
+.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
.SH "DESCRIPTION"
.B getexeccon
@@ -31,6 +33,11 @@
Note: Signal handlers that perform an execve must take care to
save, reset, and restore the exec context to avoid unexpected behaviors.
+.br
+
+.B rpm_execcon
+Execute a helper for rpm in an appropriate security context.
+
.SH "RETURN VALUE"
On error -1 is returned.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/get_ordered_context_list.3 libselinux-1.19.1/man/man3/get_ordered_context_list.3
--- nsalibselinux/man/man3/get_ordered_context_list.3 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.19.1/man/man3/get_ordered_context_list.3 2004-11-15 14:51:52.469922652 -0500
@@ -1,6 +1,6 @@
.TH "get_ordered_context_list" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation"
.SH "NAME"
-get_ordered_context_list, get_default_context, query_user_context \- determine context(s) for user login sessions
+get_ordered_context_list, get_default_context, query_user_context, manual_user_enter_context, get_default_context_with_role, get_default_role \- determine context(s) for user login sessions
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
@@ -14,7 +14,10 @@
.BI "int query_user_context(security_context_t *" list ", security_context_t *" newcon );
.sp
.BI "int manual_user_enter_context(const char *" user ", security_context_t *" newcon );
-
+.sp
+.BI "int get_default_type(const char *" role ", char **" type );
+.sp
+.BI "int get_default_context_with_role(const char* " user ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon ");
.SH "DESCRIPTION"
.B get_ordered_context_list
@@ -40,6 +43,15 @@
allows the user to manually enter a context as a fallback if a list of
authorized contexts could not be obtained. Caller must free via freecon.
+.B get_default_type
+Get the default type (domain) for 'role' and set 'type' to refer to it.
+ Caller must free via free().
+
+.B get_default_context_with_role
+Given a list of authorized security contexts for the user,
+ query the user to select one and set *newcon to refer to it.
+ Caller must free via freecon.
+
.SH "RETURN VALUE"
0 for success and on error -1 is returned.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/getpeercon.3 libselinux-1.19.1/man/man3/getpeercon.3
--- nsalibselinux/man/man3/getpeercon.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/getpeercon.3 2004-11-15 14:43:44.986918748 -0500
@@ -0,0 +1 @@
+.so man3/getcon.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchmediacon.3 libselinux-1.19.1/man/man3/matchmediacon.3
--- nsalibselinux/man/man3/matchmediacon.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/matchmediacon.3 2004-11-15 14:58:59.423755242 -0500
@@ -0,0 +1,26 @@
+.TH "matchmediacon" "3" "15 November 2004" "dwalsh@redhat.com" "SE Linux API documentation"
+.SH "NAME"
+matchmediacon \- get the default security context for the specified mediatype from the policy.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int matchmediacon(const char *" media ", security_context_t *" con);"
+.br
+
+.SH "DESCRIPTION"
+.br
+.B matchmediacon
+matches the specified media type with the file contexts configuration and sets the security context "con" to refer to the resulting context.
+.sp
+.br
+.B Note:
+ Caller must free returned security context "con" using freecon.
+.SH "RETURN VALUE"
+Returns 0 on success or -1 otherwise.
+
+.SH Files
+/etc/selinux/POLICYTYPE/contexts/files/media
+
+.SH "SEE ALSO"
+.BR freecon "(3)
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/matchpathcon.3 libselinux-1.19.1/man/man3/matchpathcon.3
--- nsalibselinux/man/man3/matchpathcon.3 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.19.1/man/man3/matchpathcon.3 2004-11-15 14:38:10.211686897 -0500
@@ -5,17 +5,22 @@
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
-.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);"
+.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);
.br
+.BI "void set_matchpathcon_printf(void (*f)(const char *fmt, ...));"
.SH "DESCRIPTION"
.br
.B matchpathcon
matches the specified pathname and mode against the file contexts configuration and sets the security context "con" to refer to the resulting context. "mode" can be 0 to disable mode matching, but should be provided whenever possible, as it may affect the matching.
-.sp
-.br
.B Note:
Caller must free returned security context "con" using freecon.
+
+.B set_matchpathcon_printf
+
+Set the function used by matchpathcon when displaying errors about the file_contexts configuration. If not set, then this defaults to fprintf(stderr, fmt, ...).
+.sp
+.br
.SH "RETURN VALUE"
Returns 0 on success or -1 otherwise.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/rpm_execcon.3 libselinux-1.19.1/man/man3/rpm_execcon.3
--- nsalibselinux/man/man3/rpm_execcon.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/rpm_execcon.3 2004-11-15 14:48:21.682702915 -0500
@@ -0,0 +1 @@
+.so man3/getexeccon.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_commit_booleans.3 libselinux-1.19.1/man/man3/security_commit_booleans.3
--- nsalibselinux/man/man3/security_commit_booleans.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/security_commit_booleans.3 2004-11-15 14:00:34.815132700 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_compute_av.3 libselinux-1.19.1/man/man3/security_compute_av.3
--- nsalibselinux/man/man3/security_compute_av.3 2004-10-20 16:31:36.000000000 -0400
+++ libselinux-1.19.1/man/man3/security_compute_av.3 2004-11-15 15:04:53.324829384 -0500
@@ -15,6 +15,8 @@
.BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
.sp
.BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con );
+.sp
+.BI "int checkPasswdAccess(access_vector_t " requested );
.SH "DESCRIPTION"
.B security_compute_av
@@ -42,6 +44,9 @@
source context. Is mainly used by
.B get_ordered_context_list.
+.B checkPasswdAccess
+This functions is a helper functions that allows you to check for a permission in the passwd class.
+
.SH "RETURN VALUE"
0 for success and on error -1 is returned.
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_get_boolean_active.3 libselinux-1.19.1/man/man3/security_get_boolean_active.3
--- nsalibselinux/man/man3/security_get_boolean_active.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/security_get_boolean_active.3 2004-11-15 13:59:47.930422066 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_get_boolean_names.3 libselinux-1.19.1/man/man3/security_get_boolean_names.3
--- nsalibselinux/man/man3/security_get_boolean_names.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/security_get_boolean_names.3 2004-11-15 14:01:41.377623357 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_get_boolean_pending.3 libselinux-1.19.1/man/man3/security_get_boolean_pending.3
--- nsalibselinux/man/man3/security_get_boolean_pending.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/security_get_boolean_pending.3 2004-11-15 13:59:30.858348076 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_load_booleans.3 libselinux-1.19.1/man/man3/security_load_booleans.3
--- nsalibselinux/man/man3/security_load_booleans.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/security_load_booleans.3 2004-11-15 14:59:32.996967632 -0500
@@ -0,0 +1,69 @@
+.TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+.SH "NAME"
+security_load_booleans, security_set_boolean, security_commit_booleans,
+security_get_boolean_names, security_get_boolean_active, security_get_boolean_pending
+.sp
+routines for manipulating SELinux boolean values
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+extern int security_load_booleans(char *path);
+.br
+extern int security_get_boolean_names(char ***names, int *len);
+.br
+extern int security_get_boolean_pending(const char *name);
+.br
+extern int security_get_boolean_active(const char *name);
+.br
+extern int security_set_boolean(const char *name, int value);
+.br
+extern int security_commit_booleans(void);
+
+
+.SH "DESCRIPTION"
+
+The SELinux policy can include conditional rules that are enabled or
+disabled based on the current values of a set of policy booleans.
+These policy booleans allow runtime modification of the security
+policy without having to load a new policy.
+
+The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once.
+
+security_load_booleans
+.br
+Load policy boolean settings.
+ Path may be NULL, in which case the booleans are loaded from
+ the active policy boolean configuration file.
+
+security_get_boolean_names
+.br
+Returns a list of boolean names, currently supported by the loaded policy.
+
+security_get_boolean_pending
+.br
+Return pending value for boolean
+
+security_get_boolean_active
+.br
+Return active value for boolean
+
+security_set_boolean
+.br
+Set the pending value for the boolean
+
+security_commit_booleans
+.br
+Commit all pending values for the booleans.
+
+security_set_boolean
+.br
+sets the current state of a particular SELinux boolean or a list of booleans
+to a given value. The value may be 1 or true to enable the boolean, or 0 or
+false to disable it.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+getsebool(8), booleans(8), togglesebool(8)
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/security_set_boolean.3 libselinux-1.19.1/man/man3/security_set_boolean.3
--- nsalibselinux/man/man3/security_set_boolean.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/security_set_boolean.3 2004-11-15 14:00:26.427079010 -0500
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_binary_policy_path.3 libselinux-1.19.1/man/man3/selinux_binary_policy_path.3
--- nsalibselinux/man/man3/selinux_binary_policy_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/selinux_binary_policy_path.3 2004-11-15 14:20:07.949783828 -0500
@@ -0,0 +1,75 @@
+.TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+.SH "NAME"
+selinux_binary_policy_path,selinux_failsafe_context_path,selinux_removable_context_path,selinux_default_context_path, selinux_user_contexts_path, selinux_file_context_path, selinux_media_context_path, selinux_contexts_path, selinux_booleans_path
+.sp
+These functions return the paths to specific files under the
+ policy root directory.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.br
+extern const char *selinux_binary_policy_path(void);
+.br
+extern const char *selinux_failsafe_context_path(void);
+.br
+extern const char *selinux_removable_context_path(void);
+.br
+extern const char *selinux_default_context_path(void);
+.br
+extern const char *selinux_user_contexts_path(void);
+.br
+extern const char *selinux_file_context_path(void);
+.br
+extern const char *selinux_media_context_path(void);
+.br
+extern const char *selinux_contexts_path(void);
+.br
+extern const char *selinux_booleans_path(void);
+
+
+.SH "DESCRIPTION"
+
+These functions return the paths to specific files under the
+ policy root directory.
+
+.br
+selinux_binary_policy_path
+.br
+Default Binary Policy
+.sp
+selinux_failsafe_context_path
+.br
+Default failsafe context file
+.sp
+selinux_removable_context_path
+.br
+Default removeable context file
+.sp
+selinux_default_context_path
+.br
+Default context used by login programs and daemons that assume user roles.
+.sp
+selinux_user_contexts_path
+.br
+Default user context file; used by login programs for default login context
+.sp
+selinux_file_context_path
+.br
+Default file context file used restorecon
+.sp
+selinux_media_context_path
+.br
+Default media context file use to set contexts on media devices (cdrom, floppies)
+.sp
+selinux_contexts_path
+.br
+Parent directory of context files
+.sp
+selinux_booleans_path
+.br
+Boolean file path, used by boolean manipulation tools
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_booleans_path.3 libselinux-1.19.1/man/man3/selinux_booleans_path.3
--- nsalibselinux/man/man3/selinux_booleans_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/selinux_booleans_path.3 2004-11-15 14:23:22.441841927 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_contexts_path.3 libselinux-1.19.1/man/man3/selinux_contexts_path.3
--- nsalibselinux/man/man3/selinux_contexts_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/selinux_contexts_path.3 2004-11-15 14:23:12.767933303 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_default_context_path.3 libselinux-1.19.1/man/man3/selinux_default_context_path.3
--- nsalibselinux/man/man3/selinux_default_context_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/selinux_default_context_path.3 2004-11-15 14:22:35.137178671 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_failsafe_context_path.3 libselinux-1.19.1/man/man3/selinux_failsafe_context_path.3
--- nsalibselinux/man/man3/selinux_failsafe_context_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/selinux_failsafe_context_path.3 2004-11-15 14:22:01.123016028 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_file_context_path.3 libselinux-1.19.1/man/man3/selinux_file_context_path.3
--- nsalibselinux/man/man3/selinux_file_context_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/selinux_file_context_path.3 2004-11-15 14:22:58.167580463 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_media_context_path.3 libselinux-1.19.1/man/man3/selinux_media_context_path.3
--- nsalibselinux/man/man3/selinux_media_context_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/selinux_media_context_path.3 2004-11-15 14:23:03.138019716 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_removable_context_path.3 libselinux-1.19.1/man/man3/selinux_removable_context_path.3
--- nsalibselinux/man/man3/selinux_removable_context_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/selinux_removable_context_path.3 2004-11-15 14:22:20.722804849 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/selinux_user_contexts_path.3 libselinux-1.19.1/man/man3/selinux_user_contexts_path.3
--- nsalibselinux/man/man3/selinux_user_contexts_path.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/selinux_user_contexts_path.3 2004-11-15 14:22:46.436903876 -0500
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man3/set_matchpathcon_printf.3 libselinux-1.19.1/man/man3/set_matchpathcon_printf.3
--- nsalibselinux/man/man3/set_matchpathcon_printf.3 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.19.1/man/man3/set_matchpathcon_printf.3 2004-11-15 14:38:57.005407796 -0500
@@ -0,0 +1 @@
+.so man3/matchpathcon.3
2004-11-12 13:03:50 +00:00
diff --exclude-from=exclude -N -u -r nsalibselinux/man/man8/getsebool.8 libselinux-1.19.1/man/man8/getsebool.8
--- nsalibselinux/man/man8/getsebool.8 2004-11-02 14:26:19.000000000 -0500
2004-11-15 20:05:55 +00:00
+++ libselinux-1.19.1/man/man8/getsebool.8 2004-11-12 09:16:43.000000000 -0500
2004-11-12 13:03:50 +00:00
@@ -8,13 +8,12 @@
.SH "DESCRIPTION"
.B getsebool
-reports the current state of either a particular SELinux boolean or
-all SELinux booleans. The state consists of two values, the active
-value and the pending value. The active value indicates the value
-that is presently applied to the policy. The pending value indicates
+reports where a particular SELinux boolean or
+all SELinux booleans are active or inactive.
+In certain situations a boolean can be in one state with a pending
+change to the other state. getsebool will report this as a pending change.
+The pending value indicates
the value that will be applied upon the next boolean commit.
-Typically, these values will be the same; they only differ when in the
-middle of a boolean change transaction.
The setting of boolean values occurs in two stages; first the pending
value is changed, then the booleans are committed, causing their
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/getsebool.c libselinux-1.19.1/utils/getsebool.c
--- nsalibselinux/utils/getsebool.c 2004-11-09 09:13:54.000000000 -0500
2004-11-15 20:05:55 +00:00
+++ libselinux-1.19.1/utils/getsebool.c 2004-11-12 09:16:43.000000000 -0500
2004-11-12 13:03:50 +00:00
@@ -83,8 +83,14 @@
rc = -1;
goto out;
}
- printf("%s --> active: %d pending: %d\n", names[i],
- active, pending);
+ if (pending != active) {
+ printf("%s --> %s pending: %s\n", names[i],
+ ( active ? "active" : "inactive"),
+ ( pending ? "active" : "inactive"));
+ } else {
+ printf("%s --> %s\n", names[i],
+ ( active ? "active" : "inactive"));
+ }
}
out:
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/setsebool.c libselinux-1.19.1/utils/setsebool.c
--- nsalibselinux/utils/setsebool.c 2004-11-09 09:13:54.000000000 -0500
2004-11-15 20:05:55 +00:00
+++ libselinux-1.19.1/utils/setsebool.c 2004-11-12 09:16:43.000000000 -0500
2004-11-09 14:24:39 +00:00
@@ -35,6 +35,8 @@
if (strcmp(argv[1], "-P") == 0) {
permanent = 1;
+ if (argc < 3)
+ usage();
start = 2;
2004-10-01 18:56:25 +00:00
}
2004-11-09 14:24:39 +00:00
else