041eacc63c
Rebase on upstream commit 32611aea6543
See
$ cd SELinuxProject/selinux
$ git log --pretty=oneline libselinux-3.2..32611aea6543 -- libselinux
Related: rhbz#1938789
119 lines
3.1 KiB
Diff
119 lines
3.1 KiB
Diff
From ea02e0acfaab93219359448a66edff365aef4ca5 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
|
Date: Tue, 1 Jun 2021 17:35:09 +0200
|
|
Subject: [PATCH] libselinux: improve getcon(3) man page
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
Improve formatting of section DESCRIPTION by adding list points.
|
|
Mention errno is set on failure.
|
|
Mention the returned context might be NULL if SELinux is not enabled.
|
|
Align setcon/_raw parameter by adding const.
|
|
|
|
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
|
Acked-by: Petr Lautrbach <plautrba@redhat.com>
|
|
---
|
|
libselinux/man/man3/getcon.3 | 41 +++++++++++++++++++++++++-----------
|
|
1 file changed, 29 insertions(+), 12 deletions(-)
|
|
|
|
diff --git a/libselinux/man/man3/getcon.3 b/libselinux/man/man3/getcon.3
|
|
index 67872a4dede6..e7e394f305b7 100644
|
|
--- a/libselinux/man/man3/getcon.3
|
|
+++ b/libselinux/man/man3/getcon.3
|
|
@@ -7,7 +7,7 @@ freecon, freeconary \- free memory associated with SELinux security contexts
|
|
getpeercon \- get security context of a peer socket
|
|
|
|
setcon \- set current security context of a process
|
|
-.
|
|
+
|
|
.SH "SYNOPSIS"
|
|
.B #include <selinux/selinux.h>
|
|
.sp
|
|
@@ -31,30 +31,39 @@ setcon \- set current security context of a process
|
|
.sp
|
|
.BI "void freeconary(char **" con );
|
|
.sp
|
|
-.BI "int setcon(char *" context );
|
|
+.BI "int setcon(const char *" context );
|
|
.sp
|
|
-.BI "int setcon_raw(char *" context );
|
|
-.
|
|
+.BI "int setcon_raw(const char *" context );
|
|
+
|
|
.SH "DESCRIPTION"
|
|
+.TP
|
|
.BR getcon ()
|
|
retrieves the context of the current process, which must be free'd with
|
|
-freecon.
|
|
+.BR freecon ().
|
|
|
|
+.TP
|
|
.BR getprevcon ()
|
|
same as getcon but gets the context before the last exec.
|
|
|
|
+.TP
|
|
.BR getpidcon ()
|
|
-returns the process context for the specified PID.
|
|
+returns the process context for the specified PID, which must be free'd with
|
|
+.BR freecon ().
|
|
|
|
+.TP
|
|
.BR getpeercon ()
|
|
-retrieves context of peer socket, and set
|
|
-.BI * context
|
|
-to refer to it, which must be free'd with
|
|
+retrieves the context of the peer socket, which must be free'd with
|
|
.BR freecon ().
|
|
|
|
+.TP
|
|
.BR freecon ()
|
|
frees the memory allocated for a security context.
|
|
|
|
+If
|
|
+.I con
|
|
+is NULL, no operation is performed.
|
|
+
|
|
+.TP
|
|
.BR freeconary ()
|
|
frees the memory allocated for a context array.
|
|
|
|
@@ -62,6 +71,7 @@ If
|
|
.I con
|
|
is NULL, no operation is performed.
|
|
|
|
+.TP
|
|
.BR setcon ()
|
|
sets the current security context of the process to a new value. Note
|
|
that use of this function requires that the entire application be
|
|
@@ -110,6 +120,8 @@ context and the
|
|
.BR setcon ()
|
|
will fail if it is not allowed by policy.
|
|
|
|
+.TP
|
|
+.BR *_raw()
|
|
.BR getcon_raw (),
|
|
.BR getprevcon_raw (),
|
|
.BR getpidcon_raw (),
|
|
@@ -118,9 +130,14 @@ and
|
|
.BR setcon_raw ()
|
|
behave identically to their non-raw counterparts but do not perform context
|
|
translation.
|
|
-.
|
|
+
|
|
.SH "RETURN VALUE"
|
|
-On error \-1 is returned. On success 0 is returned.
|
|
-.
|
|
+On error \-1 is returned with errno set. On success 0 is returned.
|
|
+
|
|
+.SH "NOTES"
|
|
+The retrieval functions might return success and set
|
|
+.I *context
|
|
+to NULL if and only if SELinux is not enabled.
|
|
+
|
|
.SH "SEE ALSO"
|
|
.BR selinux "(8), " setexeccon "(3)"
|
|
--
|
|
2.32.0
|
|
|