aboutsummaryrefslogtreecommitdiffstats
path: root/libselinux/man
Commit message (Collapse)AuthorAgeFilesLines
* libselinux: Add security_reject_unknown(3) man pagePetr Lautrbach2019-03-112-1/+20
| | | | | | | | Commit c19395d72295 ("libselinux: selinux_set_mapping: fix handling of unknown classes/perms") added a new interface security_reject_unknown() which needs to be documented. Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
* Allow installing translated man pagesAleksei Nikiforov2019-01-281-3/+22
| | | | Signed-off-by: Aleksei Nikiforov <darktemplar@basealt.ru>
* Add man pages translation by Olesya GerasimenkoAleksei Nikiforov2019-01-2837-0/+2173
| | | | | Signed-off-by: Olesya Gerasimenko <gammaray@basealt.ru> Signed-off-by: Aleksei Nikiforov <darktemplar@basealt.ru>
* Fix minor typosYuri Chornoivan2018-06-303-3/+3
| | | | Signed-off-by: Yuri Chornoivan <yurchor@ukr.net>
* libselinux: fix the whatis line for the selinux_boolean_sub.3 manpageLaurent Bigonville2018-05-301-1/+1
| | | | Signed-off-by: Laurent Bigonville <bigon@bigon.be>
* libselinux: Fix line wrapping in selabel_file.5Laurent Bigonville2018-05-301-1/+1
| | | | | | | | | Fix line wrapping with limited to 80 columns Fix lintian error: W: selinux-utils: manpage-has-errors-from-man usr/share/man/man5/selabel_file.5.gz 104: warning [p 2, 10.0i]: cannot adjust line Signed-off-by: Laurent Bigonville <bigon@bigon.be>
* libselinux: Fix spelling errors in manpagesLaurent Bigonville2018-05-302-2/+2
| | | | Signed-off-by: Laurent Bigonville <bigon@bigon.be>
* libselinux: build: follow standard semantics for DESTDIR and PREFIXMarcus Folkesson2018-02-141-9/+10
| | | | | | | | | | This patch solves the following issues: - The pkg-config files generates odd paths when using DESTDIR without PREFIX - DESTDIR is needed during compile time to compute library and header paths which it should not. - Installing with both DESTDIR and PREFIX set gives us odd paths - Make usage of DESTDIR and PREFIX more standard Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
* libselinux: Correct manpages regarding removable_contextRichard Haines2018-01-132-6/+3
| | | | | | | | | | The selabel_media(5) man page incorrectly stated that the removable_context(5) would be read if an selabel_lookup(3) failed. Correct the man pages that fixes [1]. [1] https://bugzilla.redhat.com/show_bug.cgi?id=1395621 Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux: add security_get_checkreqprotChristian Göttsche2017-05-081-1/+10
| | | | | Add security_get_checkreqprot() function, returning the current active checkreqprot value
* setfiles: Fix setfiles progress indicatorRichard Haines2017-01-271-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | This fixes the following bug: UX regression: setfiles progress indicator is now misleading and confusing in fixfiles. The outputting of * is replaced by the number of files in 1k increments as the previous versions. If "/" is specified on the pathname, then this will indicate a mass relabel, an example output will be: restorecon -nRp /etc /tmp /boot / /etc 100.0% /tmp 100.0% /boot 100.0% 3.2% Also setfiles(8) and restorecon(8) versions that are implemented using the selinux_restorecon(3) function do not support the [-o filename] option as this was deprecated. This has now been made clear by displaying a message to stderr. The documentation has also been updated to reflect these changes. Reported-by: Alan Jenkins <alan.christopher.jenkins@gmail.com> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux: selinux_restorecon.3 man page typo fixLokesh Mandvekar2017-01-251-1/+1
| | | | Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>
* libselinux: fix argument order in get_default_context_with_rolelevel() docNicolas Iooss2017-01-191-1/+1
| | | | | | | | | | | | | | | | | | | | | libselinux/src/get_context_list.c defines get_default_context_with_rolelevel(user, role, level... libselinux/utils/getdefaultcon.c uses get_default_context_with_rolelevel(seuser, role, level... but libselinux/include/selinux/get_context_list.h declares get_default_context_with_rolelevel(user, level, role... and libselinux/man/man3/get_ordered_context_list.3 follows this declaration. Fix the header and the man page. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
* man: standardize spacing with pointers in prototypesMike Frysinger2016-12-1214-46/+46
| | | | | | | | | | | | The majority of prototypes don't put a space between the "*" and the parameter name. i.e. this style is incorrect: char * foo; Instead, we want: char *foo; Fix a bunch of references that use this uncommon style. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* selinux(8): fix display of man page referencesMike Frysinger2016-12-121-5/+5
| | | | | | | The section number shouldn't be bolded. Fix a few references in selinux(8) to match all the other man pages. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
* libselinux: Add function to find security.restorecon_last entriesRichard Haines2016-09-266-9/+185
| | | | | | | | | | This patch adds a new selinux_restorecon_xattr(3) function to find and/or remove security.restorecon_last entries added by setfiles(8) or restorecon(8). Also review and update the man pages. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux: Add setfiles support to selinux_restorecon(3)Richard Haines2016-08-114-26/+100
| | | | | | | | Add additional error handling, flags, xdev handling, alt_rootpath and add/remove non-seclabel fs's to support setfiles(8), restorecon(8) and restorecond(8) functionality. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux: Evaluate inodes in selinux_restorecon(3)Richard Haines2016-08-111-2/+5
| | | | | | | | | | This patch adds inode evaluation services from policycoreutiles/setfiles to selinux_restorecon.c The overall objective is to modify restorecon(8) and setfiles(8) to use selinux_restorecon(3) services. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux: man: Clarify is_selinux_mls_enabled() descriptionDavid King2016-06-231-1/+3
| | | | | | | | | Improve the description by mentioning that if is_selinux_mls_enabled(), it simply means that the kernel has MLS support and the policy contains MLS features. To check whether MLS support is enabled on the running system, use selinux_getpolicytype(). Signed-off-by: David King <dking@redhat.com>
* libselinux: man: Explain how to free policy type from selinux_getpolicytype()David King2016-06-231-1/+4
| | | | | | Additionally, fix a typo. Signed-off-by: David King <dking@redhat.com>
* Fix multiple spelling errorsLaurent Bigonville2016-05-023-4/+4
| | | | Thanks to the lintian utility from Debian
* libselinux: Fix typo in sefcontext_compile.8Petr Lautrbach2016-04-121-2/+2
| | | | | | | | The man page contains 'prce' instead of 'pcre' Reported-by: Milos Malik <mmalik@redhat.com> Signed-off-by: Petr Lautrbach <plautrba@redhat.com> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
* Fix location of selinuxfs mount pointDan Walsh2016-03-253-4/+4
|
* libselinux: selinux_restorecon.3 man page corrections.Richard Haines2016-02-221-12/+20
| | | | | | | Fix typo's and clarify usage. Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org> Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux: Add selinux_restorecon functionRichard Haines2016-02-174-0/+325
| | | | | | | | | | | | The selinux_restorecon(3) man page details this function. It has been built using the work from Android where an SHA1 hash of the specfiles is held in an extended attribute to enhance performance. Also contains components from policycoreutils/setfiles. The utils/selinux_restorecon.c utility demonstrates the functionality. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux/man: Add information about thread specific on setfscreateconDan Walsh2015-12-173-0/+14
| | | | Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
* libselinux, policycoreutils: Man page warning fixesVille Skyttä2015-11-2412-12/+12
| | | | Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
* libselinux: Add selabel_digest functionRichard Haines2015-10-132-0/+66
| | | | | | | | | | | | | | selabel_digest(3) if enabled by the SELABEL_OPT_DIGEST option during selabel_open(3) will return an SHA1 digest of the spec files, plus a list of the specfiles used to calculate the digest. There is a test utility supplied that will demonstrate the functionality. The use case for selabel_digest(3) is to implement an selinux_restorecon function based on the Android version that writes a hash of the file_contexts files to an extended attribute to enhance performance (see external/libselinux/src/android.c selinux_android_restorecon()). Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux: Add policy context validation to sefcontext_compileRichard Haines2015-08-251-2/+13
| | | | | | | | | Add -p option that will take a binary policy file to validate context entries in the text file_contexts file. Should validation fail the binary file will not be written. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux: Add const to selinux_opt for label backends.Richard Haines2015-07-101-1/+1
| | | | | | | | Change selabel_open and label backends to take a 'const struct selinux_opt' argument. This work has already been done for the Android version components. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux: Enhance file context supportRichard Haines2015-06-161-4/+45
| | | | | | | | | | | | | | | | | | | | | | Update file contexts generation and loading to use common code. Remove "status = 0; after "status = sort_specs(data);" otherwise the function will never indicate a failure. The file labeling code also has minor formatting, white space removal etc. changes. label_file.c - Move process_line function to label_file.h sefcontext_compile.c - Update to use common process_line code. Now frees all malloc'ed memory, checked by valgrind. Also added optional -o output file parameter - updated man page to reflect this change. V2 - Revert to using compat_validate instead of selabel_validate. V3 - Revert to using callback for validation now the problem has been fixed by commit e88914849490c3fc17b0e5ed67387e47f2701d3c ("libselinux: build sefcontext_compile with static libselinux") Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
* libselinux: Expunge remaining references to flask.h and av_permissions.h.Stephen Smalley2015-05-272-4/+0
| | | | | | | Missed a few references to these header files when they were deprecated in 76913d8adb61b5afe28fd3b4ce91feab29e284dd. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* libselinux: matchpathcon/selabel_file: Fix man pages.Stephen Smalley2015-05-112-7/+44
| | | | | | | | | | | | As discussed in https://bugzilla.redhat.com/show_bug.cgi?id=1219718, there are several inconsistencies between the matchpathcon man page and the implementation. The same is true of the SELABEL_OPT_SUBSET option for the selabel_file backend. Fix the man pages for both. Also note in the man pages that the entire matchpathcon family of functions is deprecated and recommend use of the corresponding selabel interfaces for new code. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* libselinux: Add selabel partial and best match APIsRichard Haines2015-05-063-0/+135
| | | | | | | | | | | | Add support for new API functions selabel_partial_match and selabel_lookup_best_match ported from the Android libselinux fork. Add supporting man(3) pages and test utilities: selabel_lookup, selabel_lookup_best_match and selabel_partial_match. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* libselinux: getcon.3: Fix setcon description.Stephen Smalley2015-02-231-3/+11
| | | | | | | The man page description for setcon() was never updated for the introduction of bounded transitions in Linux 2.6.28. Update it. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* libselinux: man: Add missing manpage links to security_load_policy.3Laurent Bigonville2014-09-022-0/+2
| | | | | | | | | Add the missing manpage link for selinux_init_load_policy(3) and selinux_mkload_policy(3) to security_load_policy(3) https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=753803 Acked-by: Steve Lawrence <slawrence@tresys.com>
* Add db_exception and db_datatype support to label_db backendArtyom Smirnov2014-06-261-0/+12
| | | | | | | | | | Hi, in https://github.com/TresysTechnology/refpolicy/pull/1 db_exception and db_datatype were added to reference policy. This small patch extends ability of label_db backend to work with these objects. Regards.
* libselinux: fix typo in man pageNicolas Iooss2014-06-121-1/+1
|
* Get rid of security_context_t and fix const declarations.Stephen Smalley2014-02-1923-88/+88
| | | | | | | | | | | | | | | | | | | | In attempting to enable building various part of Android with -Wall -Werror, we found that the const security_context_t declarations in libselinux are incorrect; const char * was intended, but const security_context_t translates to char * const and triggers warnings on passing const char * from the caller. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value - there is no true encapsulation of the security context strings and callers already directly use string functions on them. typedef left to permit building legacy users until such a time as all are updated. This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7 from Android, augmented to deal with all of the other code in upstream libselinux and updating the man pages too. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com>
* libselinux: Refactor rpm_execcon() into a new setexecfilecon()Guillem Jover2014-01-061-3/+20
| | | | | | | | | | | This new function allows a process to invoke helper programs with a new execution context based on the filename, this is initially intended for package managers so that they can easily execute package scriptlets or maintainer scripts. Base rpm_execcon() off this new function. Signed-off-by: Guillem Jover <guillem@debian.org>
* Merge branch 'fedora' into master-mergeStephen Smalley2013-10-247-14/+57
|\ | | | | | | | | | | | | | | | | | | | | | | Conflicts: libselinux/src/Makefile libselinux/src/selinux_config.c policycoreutils/audit2allow/audit2allow.1 policycoreutils/scripts/fixfiles.8 policycoreutils/semanage/semanage.8 policycoreutils/sepolicy/Makefile policycoreutils/sepolicy/sepolicy/transition.py policycoreutils/setsebool/setsebool.8
| * Add selinux_current_policy_path, which returns the a pointer to the loaded ↵Dan Walsh2013-10-242-1/+7
| | | | | | | | | | | | | | policy Also change audit2why to look at the loaded policy rather then searching on disk for the policy file. It is more likely that you are examining the running policy.
| * Add selinux_set_policy_root sets an alternate policy root directory pathDan Walsh2013-10-242-0/+6
| | | | | | | | | | | | This allows us to specify under which the compiled policy file and context configuration files exist. We can use this with matchpathcon to check the labels under alternate policies, and we can use it for sepolicy manpage to build manpages during policy build.
| * Add missing man page for sefcontext_compileDan Walsh2013-10-241-0/+19
| |
| * Laurent Bigonville patch to fix various minor manpage issues and correct ↵Dan Walsh2013-10-2410-23/+40
| | | | | | | | section numbering.
* | Fix relabel target.Stephen Smalley2013-10-231-0/+2
| | | | | | | | Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
* | libselinux: Fix various minor manpage issues and correct section numbering.Laurent Bigonville2013-10-167-9/+9
| |
* | Current stable policycoreutils requires selinux_current_policy_pathSven Vermeulen2013-10-161-1/+6
|/ | | | | | | | | | Without this fix, stolen from Fedora's patchset, recent policycoreutils just fails. See http://marc.info/?t=136926404600001&r=1&w=2 and see http://marc.info/?l=selinux&m=136692033821285&w=2 Signed-off-by: Sven Vermeulen <sven.vermeulen@siphos.be>
* libselinux: man: context_new(3): fix the return value descriptionPádraig Brady2013-02-051-1/+7
| | | | | Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
* libselinux: man: Add references and man page links to _raw function variantsGuillem Jover2013-02-0538-0/+149
| | | | | | Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-13 13:53:10 +0000