libselinux/0033-libselinux-improve-getcon-3-man-page.patch
Petr Lautrbach 041eacc63c libselinux-3.2-5
Rebase on upstream commit 32611aea6543

See
    $ cd SELinuxProject/selinux
    $ git log --pretty=oneline libselinux-3.2..32611aea6543 -- libselinux

Related: rhbz#1938789
2021-07-30 12:03:09 +02:00

119 lines
3.1 KiB
Diff

From ea02e0acfaab93219359448a66edff365aef4ca5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Tue, 1 Jun 2021 17:35:09 +0200
Subject: [PATCH] libselinux: improve getcon(3) man page
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Improve formatting of section DESCRIPTION by adding list points.
Mention errno is set on failure.
Mention the returned context might be NULL if SELinux is not enabled.
Align setcon/_raw parameter by adding const.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
---
libselinux/man/man3/getcon.3 | 41 +++++++++++++++++++++++++-----------
1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/libselinux/man/man3/getcon.3 b/libselinux/man/man3/getcon.3
index 67872a4dede6..e7e394f305b7 100644
--- a/libselinux/man/man3/getcon.3
+++ b/libselinux/man/man3/getcon.3
@@ -7,7 +7,7 @@ freecon, freeconary \- free memory associated with SELinux security contexts
getpeercon \- get security context of a peer socket
setcon \- set current security context of a process
-.
+
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
@@ -31,30 +31,39 @@ setcon \- set current security context of a process
.sp
.BI "void freeconary(char **" con );
.sp
-.BI "int setcon(char *" context );
+.BI "int setcon(const char *" context );
.sp
-.BI "int setcon_raw(char *" context );
-.
+.BI "int setcon_raw(const char *" context );
+
.SH "DESCRIPTION"
+.TP
.BR getcon ()
retrieves the context of the current process, which must be free'd with
-freecon.
+.BR freecon ().
+.TP
.BR getprevcon ()
same as getcon but gets the context before the last exec.
+.TP
.BR getpidcon ()
-returns the process context for the specified PID.
+returns the process context for the specified PID, which must be free'd with
+.BR freecon ().
+.TP
.BR getpeercon ()
-retrieves context of peer socket, and set
-.BI * context
-to refer to it, which must be free'd with
+retrieves the context of the peer socket, which must be free'd with
.BR freecon ().
+.TP
.BR freecon ()
frees the memory allocated for a security context.
+If
+.I con
+is NULL, no operation is performed.
+
+.TP
.BR freeconary ()
frees the memory allocated for a context array.
@@ -62,6 +71,7 @@ If
.I con
is NULL, no operation is performed.
+.TP
.BR setcon ()
sets the current security context of the process to a new value. Note
that use of this function requires that the entire application be
@@ -110,6 +120,8 @@ context and the
.BR setcon ()
will fail if it is not allowed by policy.
+.TP
+.BR *_raw()
.BR getcon_raw (),
.BR getprevcon_raw (),
.BR getpidcon_raw (),
@@ -118,9 +130,14 @@ and
.BR setcon_raw ()
behave identically to their non-raw counterparts but do not perform context
translation.
-.
+
.SH "RETURN VALUE"
-On error \-1 is returned. On success 0 is returned.
-.
+On error \-1 is returned with errno set. On success 0 is returned.
+
+.SH "NOTES"
+The retrieval functions might return success and set
+.I *context
+to NULL if and only if SELinux is not enabled.
+
.SH "SEE ALSO"
.BR selinux "(8), " setexeccon "(3)"
--
2.32.0