PERFORCE change 113508 for review
Todd Miller
millert at FreeBSD.org
Thu Jan 25 15:11:55 UTC 2007
http://perforce.freebsd.org/chv.cgi?CH=113508
Change 113508 by millert at millert_macbook on 2007/01/25 15:11:29
Update to libselinux-1.34.0 from the NSA web site.
Affected files ...
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_add_callback.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_cache_stats.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_context_to_sid.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_has_perm.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_init.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/context_new.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/freecon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/get_ordered_context_list.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getcon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getexeccon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfilecon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfscreatecon.3#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getseuserbyname.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_context_customizable.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_selinux_enabled.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchmediacon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchpathcon.3#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_check_context.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_compute_av.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_getenforce.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_booleans.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_policy.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_policyvers.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_binary_policy_path.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_check_securetty_context.3#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_getenforcemode.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_policy_root.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_securetty_types_path.3#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/setfilecon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/avcstat.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getenforce.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getsebool.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/matchpathcon.8#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/selinuxenabled.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/setenforce.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/togglesebool.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_perm_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/class_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/file_path_suffixes.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/sedarwin_config.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_check_securetty_context.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_config.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_internal.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getdefaultcon.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/matchpathcon.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/selinux_check_securetty_context.c#1 add
Differences ...
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#5 (text+ko) ====
@@ -1,3 +1,30 @@
+1.34.0 2007-01-18
+ * Updated version for stable branch.
+
+1.33.6 2007-01-17
+ * Merged man page updates to make "apropos selinux" work from Dan Walsh.
+
+1.33.5 2007-01-16
+ * Merged getdefaultcon utility from Dan Walsh.
+
+1.33.4 2007-01-11
+ * Merged selinux_check_securetty_context() and support from Dan Walsh.
+
+1.33.3 2007-01-04
+ * Merged patch for matchpathcon utility to use file mode information
+ when available from Dan Walsh.
+
+1.33.2 2006-11-27
+ * Merged patch to compile with -fPIC instead of -fpic from
+ Manoj Srivastava to prevent hitting the global offset table
+ limit. Patch changed to include libsepol and libsemanage in
+ addition to libselinux.
+
+1.33.1 2006-10-19
+ * Merged updated flask definitions from Darrel Goeddel.
+ This adds the context security class, and also adds
+ the string definitions for setsockcreate and polmatch.
+
1.32 2006-10-17
* Updated version for release.
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#5 (text+ko) ====
@@ -1,1 +1,1 @@
-1.32
+1.34.0
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#5 (text+ko) ====
@@ -438,7 +438,7 @@
#define PROCESS__EXECSTACK 0x04000000UL
#define PROCESS__EXECHEAP 0x08000000UL
#define PROCESS__SETKEYCREATE 0x10000000UL
-#define PROCESS__TASKFORPID 0x20000000UL
+#define PROCESS__SETSOCKCREATE 0x20000000UL
#define IPC__CREATE 0x00000001UL
#define IPC__DESTROY 0x00000002UL
#define IPC__GETATTR 0x00000004UL
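Review bot: Bit 0x20000000 of the process class changes meaning in this hunk, from `PROCESS__TASKFORPID` to `PROCESS__SETSOCKCREATE`, so code or policy still built against the old SEDarwin definitions would test a different permission for the same vector bit. The same pattern appears in the next av_permissions.h hunk (`MACH_PORT__*` and `MACH_TASK__*` replaced by `CONTEXT__*`) and in both flask.h hunks (class 59 goes from `SECCLASS_MACH_PORT` to `SECCLASS_CONTEXT`, `SECCLASS_MACH_TASK` 60 and `SECINITSID_DEVFS` 28 are dropped, `SECINITSID_NUM` falls to 27). Whether the kernel-side flask definitions change in step is not visible in this change. If they do not, I would keep the Darwin-specific line `#define PROCESS__TASKFORPID 0x20000000UL` and the Mach classes. If these headers are generated, regenerating them from the SEDarwin flask definitions would be safer than importing the upstream copies.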
@@ -895,18 +895,5 @@
#define KEY__LINK 0x00000010UL
#define KEY__SETATTR 0x00000020UL
#define KEY__CREATE 0x00000040UL
-#define MACH_PORT__RELABELFROM 0x00000001UL
-#define MACH_PORT__RELABELTO 0x00000002UL
-#define MACH_PORT__SEND 0x00000004UL
-#define MACH_PORT__RECV 0x00000008UL
-#define MACH_PORT__MAKE_SEND 0x00000010UL
-#define MACH_PORT__MAKE_SEND_ONCE 0x00000020UL
-#define MACH_PORT__COPY_SEND 0x00000040UL
-#define MACH_PORT__MOVE_SEND 0x00000080UL
-#define MACH_PORT__MOVE_SEND_ONCE 0x00000100UL
-#define MACH_PORT__MOVE_RECV 0x00000200UL
-#define MACH_PORT__HOLD_SEND 0x00000400UL
-#define MACH_PORT__HOLD_SEND_ONCE 0x00000800UL
-#define MACH_PORT__HOLD_RECV 0x00001000UL
-#define MACH_TASK__TERMINATE 0x00000001UL
-#define MACH_TASK__SET_SPECIAL_PORT 0x00000002UL
+#define CONTEXT__TRANSLATE 0x00000001UL
+#define CONTEXT__CONTAINS 0x00000002UL
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#4 (text+ko) ====
@@ -63,8 +63,7 @@
#define SECCLASS_APPLETALK_SOCKET 56
#define SECCLASS_PACKET 57
#define SECCLASS_KEY 58
-#define SECCLASS_MACH_PORT 59
-#define SECCLASS_MACH_TASK 60
+#define SECCLASS_CONTEXT 59
/*
* Security identifier indices for initial entities
@@ -96,8 +95,7 @@
#define SECINITSID_POLICY 25
#define SECINITSID_SCMP_PACKET 26
#define SECINITSID_DEVNULL 27
-#define SECINITSID_DEVFS 28
-#define SECINITSID_NUM 28
+#define SECINITSID_NUM 27
#endif
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#4 (text+ko) ====
@@ -40,16 +40,14 @@
extern int setcon_raw(security_context_t con);
/* Get context of process identified by pid, and
- set *con to refer to it. Caller must free via freecon.
- This has not been ported to SEBSD yet. */
-// extern int getpidcon(pid_t pid, security_context_t * con);
-// extern int getpidcon_raw(pid_t pid, security_context_t * con);
+ set *con to refer to it. Caller must free via freecon. */
+ extern int getpidcon(pid_t pid, security_context_t * con);
+ extern int getpidcon_raw(pid_t pid, security_context_t * con);
/* Get previous context (prior to last exec), and set *con to refer to it.
- Caller must free via freecon.
- This has not been ported to SEBSD yet.*/
-// extern int getprevcon(security_context_t * con);
-// extern int getprevcon_raw(security_context_t * con);
+ Caller must free via freecon. */
+ extern int getprevcon(security_context_t * con);
+ extern int getprevcon_raw(security_context_t * con);
/* Get exec context, and set *con to refer to it.
Sets *con to NULL if no exec context has been set, i.e. using default.
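Review bot: `getpidcon`, `getpidcon_raw`, `getprevcon` and `getprevcon_raw` become visible declarations here and the "This has not been ported to SEBSD yet" caveat is removed, but the affected-files list shows no source file that would implement them. The later hunks do the same for `security_compute_create`, `security_compute_member`, `security_check_context` and `security_canonicalize_context_raw`. If the port still lacks these functions, callers now fail at link time rather than compile time. In that case I would keep each declaration commented out and retain the caveat until the implementation lands. If they are implemented in files this change does not touch, a line in the change description saying so would settle it.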
@@ -78,9 +76,10 @@
/* Get keycreate context, and set *con to refer to it.
Sets *con to NULL if no key create context has been set, i.e. using default.
- If non-NULL, caller must free via freecon. */
- extern int getkeycreatecon(security_context_t * con);
- extern int getkeycreatecon_raw(security_context_t * con);
+ If non-NULL, caller must free via freecon.
+ This has not been ported to SEBSD yet. */
+// extern int getkeycreatecon(security_context_t * con);
+// extern int getkeycreatecon_raw(security_context_t * con);
/* Set the keycreate security context for subsequent key creations.
Call with NULL if you want to reset to the default. */
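Review bot: After this hunk `getkeycreatecon` and `getkeycreatecon_raw` are commented out as unported, while the trailing context still documents the keycreate setter, whose declaration lies outside the hunk. If the setter stays declared, a caller can set a keycreate context that it can never read back, and it is not clear from this change whether the setter is ported either. I would treat the pair the same way. Either comment out both with the same caveat, or extend the new comment to `This has not been ported to SEBSD yet; setkeycreatecon is declared but ...` with the real status filled in.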
@@ -150,16 +149,15 @@
struct av_decision *avd);
/* Compute a labeling decision and set *newcon to refer to it.
- Caller must free via freecon.
- This has not been ported to SEBSD yet. */
-// extern int security_compute_create(security_context_t scon,
-// security_context_t tcon,
-// security_class_t tclass,
-// security_context_t * newcon);
-// extern int security_compute_create_raw(security_context_t scon,
-// security_context_t tcon,
-// security_class_t tclass,
-// security_context_t * newcon);
+ Caller must free via freecon. */
+ extern int security_compute_create(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+ extern int security_compute_create_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
/* Compute a relabeling decision and set *newcon to refer to it.
Caller must free via freecon. */
@@ -173,16 +171,15 @@
security_context_t * newcon);
/* Compute a polyinstantiation member decision and set *newcon to refer to it.
- Caller must free via freecon.
- This has not been ported to SEBSD yet. */
-// extern int security_compute_member(security_context_t scon,
-// security_context_t tcon,
-// security_class_t tclass,
-// security_context_t * newcon);
-// extern int security_compute_member_raw(security_context_t scon,
-// security_context_t tcon,
-// security_class_t tclass,
-// security_context_t * newcon);
+ Caller must free via freecon. */
+ extern int security_compute_member(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+ extern int security_compute_member_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
/* Compute the set of reachable user contexts and set *con to refer to
the NULL-terminated array of contexts. Caller must free via freeconary. */
@@ -253,19 +250,16 @@
the active policy boolean configuration file. */
extern int security_load_booleans(char *path);
-/* Check the validity of a security context.
- * This has not been ported to SEBSD yet. */
-// extern int security_check_context(security_context_t con);
-// extern int security_check_context_raw(security_context_t con);
+/* Check the validity of a security context. */
+ extern int security_check_context(security_context_t con);
+ extern int security_check_context_raw(security_context_t con);
-/* Canonicalize a security context.
- * These are not fully implemented in SEBSD yet. At the moment
- * input = output. */
+/* Canonicalize a security context. */
extern int security_canonicalize_context(security_context_t con,
security_context_t * canoncon);
-// extern int security_canonicalize_context_raw(security_context_t con,
-// security_context_t *
-// canoncon);
+ extern int security_canonicalize_context_raw(security_context_t con,
+ security_context_t *
+ canoncon);
/* Get the enforce flag value. */
extern int security_getenforce(void);
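Review bot: The comment on `security_canonicalize_context` loses the caveat "These are not fully implemented in SEBSD yet. At the moment input = output", and no implementation file for it appears in the affected-files list. If the function is still a pass-through on this port, callers that rely on it to reject or normalise a malformed context get no validation, and the header no longer tells them so. The matchpathcon comments further down in this header name `security_check_context()` and `security_canonicalize_context()` as the defaults for context checking, so the same question carries over to file-context loading. Unless canonicalization is now real, I would keep the caveat, e.g. `/* Canonicalize a security context. NOTE: on SEBSD this currently returns the input unchanged. */`.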
@@ -316,7 +310,7 @@
validity of a context in the file contexts configuration. If not set,
then this defaults to a test based on security_check_context().
The function is also responsible for reporting any such error, and
- may include the 'path' and 'lineno' in such error messages. */
+ may include the 'path' and 'lineno' in such error messages. */
extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
unsigned lineno,
char *context));
@@ -324,7 +318,7 @@
/* Same as above, but also allows canonicalization of the context,
by changing *context to refer to the canonical form. If not set,
and invalidcon is also not set, then this defaults to calling
- security_canonicalize_context(). */
+ security_canonicalize_context(). */
extern void set_matchpathcon_canoncon(int (*f) (const char *path,
unsigned lineno,
char **context));
@@ -346,7 +340,7 @@
extern int matchpathcon_init(const char *path);
/* Same as matchpathcon_init, but only load entries with
- regexes that have stems that are prefixes of 'prefix'. */
+ regexes that have stems that are prefixes of 'prefix'. */
extern int matchpathcon_init_prefix(const char *path,
const char *prefix);
@@ -425,6 +419,7 @@
extern const char *selinux_homedir_context_path(void);
extern const char *selinux_media_context_path(void);
extern const char *selinux_contexts_path(void);
+ extern const char *selinux_securetty_types_path(void);
extern const char *selinux_booleans_path(void);
extern const char *selinux_customizable_types_path(void);
extern const char *selinux_users_path(void);
@@ -439,6 +434,11 @@
// extern int selinux_check_passwd_access(access_vector_t requested);
// extern int checkPasswdAccess(access_vector_t requested);
+/* Check if the tty_context is defined as a securetty
+ Return 0 if secure, < 0 otherwise. */
+ extern int selinux_check_securetty_context(security_context_t
+ tty_context);
+
/* Set the path to the selinuxfs mount point explicitly.
Normally, this is determined automatically during libselinux
initialization, but this is not always possible, e.g. for /sbin/init
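Review bot: The new comment for `selinux_check_securetty_context` gives the return convention as "0 if secure, < 0 otherwise" but does not say whether a failed lookup (for example an unreadable securetty types file or a malformed `tty_context`) is distinguishable from a tty that is simply not secure. Because 0 is the success value, a caller that writes `if (selinux_check_securetty_context(ctx))` takes the wrong branch, so the comment should spell out the test. I would extend it to something like `/* Returns 0 only if tty_context is a securetty; any error is reported as < 0 and must be treated as not secure. Callers should compare the result with 0. */`, adjusted to what the implementation in src/selinux_check_securetty_context.c does.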
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_add_callback.3#2 (text+ko) ====
@@ -3,7 +3,7 @@
.\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
.TH "avc_add_callback" "3" "9 June 2004" "" "SE Linux API documentation"
.SH "NAME"
-avc_add_callback \- additional event notification for userspace object managers.
+avc_add_callback \- additional event notification for SELinux userspace object managers.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.br
@@ -181,3 +181,4 @@
.BR avc_context_to_sid (3),
.BR avc_cache_stats (3),
.BR security_compute_av (3)
+.BR selinux (8)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_cache_stats.3#2 (text+ko) ====
@@ -3,7 +3,7 @@
.\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
.TH "avc_cache_stats" "3" "27 May 2004" "" "SE Linux API documentation"
.SH "NAME"
-avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace AVC statistics.
+avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.br
@@ -96,3 +96,4 @@
.BR avc_has_perm (3),
.BR avc_context_to_sid (3),
.BR avc_add_callback (3)
+.BR selinux (8)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_context_to_sid.3#2 (text+ko) ====
@@ -3,7 +3,7 @@
.\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
.TH "avc_context_to_sid" "3" "27 May 2004" "" "SE Linux API documentation"
.SH "NAME"
-avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate security ID's.
+avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate SELinux security ID's.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.br
@@ -88,3 +88,4 @@
.BR avc_add_callback (3),
.BR getcon (3),
.BR freecon (3)
+.BR selinux (8)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_has_perm.3#2 (text+ko) ====
@@ -152,3 +152,4 @@
.BR avc_cache_stats (3),
.BR avc_add_callback (3),
.BR security_compute_av (3)
+.BR selinux(8)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_init.3#2 (text+ko) ====
@@ -3,7 +3,7 @@
.\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
.TH "avc_init" "3" "27 May 2004" "" "SE Linux API documentation"
.SH "NAME"
-avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace AVC setup and teardown.
+avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.br
@@ -209,3 +209,5 @@
.BR avc_cache_stats (3),
.BR avc_add_callback (3),
.BR security_compute_av (3)
+.BR selinux (8)
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/context_new.3#2 (text+ko) ====
@@ -56,3 +56,6 @@
On success, zero is returned. On failure, -1 is returned and errno is
set appropriately.
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/freecon.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "freecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-freecon, freeconary \- free memory associated with SE Linux security contexts.
+freecon, freeconary \- free memory associated with SELinux security contexts.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
@@ -14,3 +14,7 @@
.B freeconary
frees the memory allocated for a context array.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/get_ordered_context_list.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "get_ordered_context_list" "3" "1 January 2004" "russell at coker.com.au" "SE Linux"
.SH "NAME"
-get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user sessions
+get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine SELinux context(s) for user sessions
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
@@ -77,4 +77,4 @@
The other functions return 0 for success or -1 for errors.
.SH "SEE ALSO"
-.BR freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"
+.BR selinux "(8), " freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getcon.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "getcon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-getcon, getprevcon, getpidcon \- get SE Linux security context of a process.
+getcon, getprevcon, getpidcon \- get SELinux security context of a process.
.br
getpeercon - get security context of a peer socket.
.br
@@ -59,4 +59,4 @@
On error -1 is returned. On success 0 is returned.
.SH "SEE ALSO"
-.BR freecon "(3), " setexeccon "(3)"
+.BR selinux "(8), " freecon "(3), " setexeccon "(3)"
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getexeccon.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "getexeccon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-getexeccon, setexeccon \- get or set the SE Linux security context used for executing a new process.
+getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process.
.br
rpm_execcon \- run a helper for rpm in an appropriate security context
@@ -55,6 +55,6 @@
rpm_execcon only returns upon errors, as it calls execve(2).
.SH "SEE ALSO"
-.BR freecon "(3), " getcon "(3)"
+.BR selinux "(8), " freecon "(3), " getcon "(3)"
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfilecon.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "getfilecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-getfilecon, fgetfilecon, lgetfilecon \- get SE Linux security context of a file
+getfilecon, fgetfilecon, lgetfilecon \- get SELinux security context of a file
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
@@ -40,4 +40,4 @@
here.
.SH "SEE ALSO"
-.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
+.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfscreatecon.3#3 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "getfscreatecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-getfscreatecon, setfscreatecon \- get or set the SE Linux security context used for creating a new file system object.
+getfscreatecon, setfscreatecon \- get or set the SELinux security context used for creating a new file system object.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
@@ -35,4 +35,4 @@
On success 0 is returned.
.SH "SEE ALSO"
-.BR freecon "(3), " getcon "(3), " getexeccon "(3)"
+.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getseuserbyname.3#2 (text+ko) ====
@@ -23,3 +23,6 @@
The errors documented for the stat(2) system call are also applicable
here.
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_context_customizable.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "is_context_customizable" "3" "10 January 2005" "dwalsh at redhat.com" "SELinux API documentation"
.SH "NAME"
-is_context_customizable \- check whether context type is customizable by the administrator.
+is_context_customizable \- check whether SELinux context type is customizable by the administrator.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
@@ -20,3 +20,6 @@
.SH "FILE"
/etc/selinux/SELINUXTYPE/context/customizable_types
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_selinux_enabled.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "is_selinux_enabled" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-is_selinux_enabled \- check whether SE Linux is enabled
+is_selinux_enabled \- check whether SELinux is enabled
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
@@ -9,3 +9,7 @@
.SH "DESCRIPTION"
.B is_selinux_enabled
returns 1 if SE Linux is running or 0 if it is not. May change soon.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchmediacon.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "matchmediacon" "3" "15 November 2004" "dwalsh at redhat.com" "SE Linux API documentation"
.SH "NAME"
-matchmediacon \- get the default security context for the specified mediatype from the policy.
+matchmediacon \- get the default SELinux security context for the specified mediatype from the policy.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
@@ -23,4 +23,4 @@
/etc/selinux/POLICYTYPE/contexts/files/media
.SH "SEE ALSO"
-.BR freecon "(3)
+.BR selinux "(8), " freecon "(3)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchpathcon.3#3 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "matchpathcon" "3" "16 March 2005" "sds at tycho.nsa.gov" "SE Linux API documentation"
.SH "NAME"
-matchpathcon \- get the default security context for the specified path from the file contexts configuration.
+matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
@@ -117,4 +117,4 @@
Returns 0 on success or -1 otherwise.
.SH "SEE ALSO"
-.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
+.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_check_context.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "security_check_context" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-security_check_context \- check the validity of a context
+security_check_context \- check the validity of a SELinux context
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
@@ -10,3 +10,7 @@
.B security_check_context
returns 0 if SE Linux is running and the context is valid, otherwise it
returns -1.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_compute_av.3#2 (text+ko) ====
@@ -1,7 +1,7 @@
.TH "security_compute_av" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
security_compute_av, security_compute_create, security_compute_relabel, security_compute_user \- query
-the SE Linux policy database in the kernel.
+the SELinux policy database in the kernel.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
@@ -51,4 +51,4 @@
0 for success and on error -1 is returned.
.SH "SEE ALSO"
-.BR getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
+.BR selinux "(8), " getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_getenforce.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "security_getenforce" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-security_getenforce, security_setenforce \- get or set the enforcing state of SE Linux
+security_getenforce, security_setenforce \- get or set the enforcing state of SELinux
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
@@ -17,3 +17,7 @@
sets SE Linux to enforcing mode if the value 1 is passed in, and sets it to
permissive mode if 0 is passed in. On success 0 is returned, on error -1 is
returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_booleans.3#2 (text+ko) ====
@@ -56,4 +56,4 @@
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
.SH "SEE ALSO"
-getsebool(8), booleans(8), togglesebool(8)
+selinux(8), getsebool(8), booleans(8), togglesebool(8)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_policy.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "security_load_policy" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-security_load_policy \- load a new policy
+security_load_policy \- load a new SELinux policy
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
@@ -9,3 +9,7 @@
.SH "DESCRIPTION"
.B security_load_policy
loads a new policy, returns 0 for success and -1 for error.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_policyvers.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "security_policyvers" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-security_policyvers \- get the version of the SE Linux policy
+security_policyvers \- get the version of the SELinux policy
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
@@ -10,3 +10,7 @@
.B security_policyvers
returns the version of the policy (a positive integer) on success, or -1 on
error.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_binary_policy_path.3#2 (text+ko) ====
@@ -4,7 +4,7 @@
selinux_failsafe_context_path, selinux_removable_context_path,
selinux_default_context_path, selinux_user_contexts_path,
selinux_file_context_path, selinux_media_context_path,
-selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active policy configuration
+selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active SELinux policy configuration
directories and files.
.SH "SYNOPSIS"
@@ -27,6 +27,8 @@
.br
extern const char *selinux_media_context_path(void);
.br
+extern const char *selinux_securetty_types_path(void);
+.br
extern const char *selinux_contexts_path(void);
.br
extern const char *selinux_booleans_path(void);
@@ -56,8 +58,13 @@
.sp
selinux_contexts_path() - directory containing all of the context configuration files
.sp
+selinux_securetty_types_path() - defines tty types for newrole securettys
+.sp
selinux_booleans_path() - initial policy boolean settings
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_getenforcemode.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh at redhat.com" "SE Linux API documentation"
.SH "NAME"
-selinux_getenforcemode \- get the enforcing state of SE Linux
+selinux_getenforcemode \- get the enforcing state of SELinux
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
@@ -19,4 +19,7 @@
On success, zero is returned.
On failure, -1 is returned.
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_policy_root.3#2 (text+ko) ====
@@ -14,4 +14,7 @@
On success, returns a directory path containing the SELinux policy files.
On failure, NULL is returned.
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/setfilecon.3#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "setfilecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
.SH "NAME"
-setfilecon, fsetfilecon, lsetfilecon \- set SE Linux security context of a file
+setfilecon, fsetfilecon, lsetfilecon \- set SELinux security context of a file
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
@@ -38,4 +38,4 @@
here.
.SH "SEE ALSO"
-.BR freecon "(3), " getfilecon "(3), " setfscreatecon "(3)"
+.BR selinux "(3), " freecon "(3), " getfilecon "(3), " setfscreatecon "(3)"
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/avcstat.8#2 (text+ko) ====
@@ -22,6 +22,9 @@
.B \-f
Specifies the location of the AVC statistics file, defaulting to '/selinux/avc/cache_stats'.
+.SH "SEE ALSO"
+selinux(8)
+
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
The program was written by James Morris <jmorris at redhat.com>.
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getenforce.8#2 (text+ko) ====
@@ -12,4 +12,4 @@
Dan Walsh, <dwalsh at redhat.com>
.SH "SEE ALSO"
-setenforce(8), selinuxenabled(8)
+selinux(8), setenforce(8), selinuxenabled(8)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getsebool.8#2 (text+ko) ====
@@ -26,9 +26,10 @@
.B \-a
Show all SELinux booleans.
+.SH "SEE ALSO"
+selinux(8), setsebool(8), booleans(8)
+
.SH AUTHOR
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
The program was written by Tresys Technology.
-.SH "SEE ALSO"
-setsebool(8), booleans(8)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/matchpathcon.8#3 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "matchpathcon" "8" "21 April 2005" "dwalsh at redhat.com" "SE Linux Command Line documentation"
.SH "NAME"
-matchpathcon \- get the default security context for the specified path from the file contexts configuration.
+matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
.SH "SYNOPSIS"
.B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath...
@@ -27,4 +27,5 @@
This manual page was written by Dan Walsh <dwalsh at redhat.com>.
.SH "SEE ALSO"
+.BR selinux "(8), "
.BR mathpathcon "(3), "
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/selinuxenabled.8#2 (text+ko) ====
@@ -13,4 +13,4 @@
Dan Walsh, <dwalsh at redhat.com>
.SH "SEE ALSO"
-setenforce(8), getenforce(8)
+selinux(8), setenforce(8), getenforce(8)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/setenforce.8#2 (text+ko) ====
@@ -17,7 +17,7 @@
Dan Walsh, <dwalsh at redhat.com>
.SH "SEE ALSO"
-getenforce(8), selinuxenabled(8)
+selinux(8), getenforce(8), selinuxenabled(8)
.SH FILES
/etc/grub.conf, /etc/selinux/config
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/togglesebool.8#2 (text+ko) ====
@@ -1,6 +1,6 @@
.TH "togglesebool" "1" "26 Oct 2004" "sgrubb at redhat.com" "SELinux Command Line documentation"
.SH "NAME"
-togglesebool \- flip the current value of a boolean
+togglesebool \- flip the current value of a SELinux boolean
.SH "SYNOPSIS"
.B togglesebool boolean...
@@ -14,4 +14,4 @@
This man page was written by Steve Grubb <sgrubb at redhat.com>
.SH "SEE ALSO"
-booleans(8), getsebool(8), setsebool(8)
+selinux(8), booleans(8), getsebool(8), setsebool(8)
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#7 (text+ko) ====
@@ -13,7 +13,8 @@
getfilecon.o getpeercon.o getpidcon.o getprevcon.o init.o \
is_customizable_type.o lgetfilecon.o load_migscs.o load_policy.o \
lsetfilecon.o matchmediacon.o matchpathcon.o policyvers.o \
- query_user_context.o sedarwin_config.o setcon.o setenforce.o \
+ query_user_context.o sedarwin_config.o \
+ selinux_check_securetty_context.o setcon.o setenforce.o \
setfilecon.o setrans_client.o seusers.o
# The following require kernel support for fs and exec contexts
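Review bot: The added `selinux_check_securetty_context.o` entry in the object list needs a matching source file in `src/`, and this mail is truncated before any such file appears, so it cannot be confirmed from here that the import carries it. If the source (presumably `selinux_check_securetty_context.c`) is missing from the change, the library build stops at this list; worth checking the full change before it is integrated. The entry is not placed under the "require kernel support for fs and exec contexts" group that follows, so it is built unconditionally. A short comment above the list would record that, for example `# selinux_check_securetty_context.o: added with the 1.34.0 import, no kernel fs/exec context support needed (confirm)`. The object list itself starts above this hunk.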
==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_perm_to_string.h#4 (text+ko) ====
@@ -1,269 +1,269 @@
/* This file is automatically generated. Do not edit. */
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod")
- S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget")
- S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name")
- S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name")
- S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
- S_(SECCLASS_DIR, DIR__SEARCH, "search")
- S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
- S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
- S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
- S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
- S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
- S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
- S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
- S_(SECCLASS_FD, FD__USE, "use")
- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom")
- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind")
- S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect")
- S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind")
- S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind")
- S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv")
- S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send")
- S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv")
- S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send")
- S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
- S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
- S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
- S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
- S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
- S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
- S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
- S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
- S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
- S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
- S_(SECCLASS_PROCESS, PROCESS__FORK, "fork")
- S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition")
- S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld")
- S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill")
- S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop")
- S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull")
- S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal")
- S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace")
- S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched")
- S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched")
- S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession")
- S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid")
- S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid")
- S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap")
- S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap")
- S_(SECCLASS_PROCESS, PROCESS__SHARE, "share")
- S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr")
- S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec")
- S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate")
- S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure")
- S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
- S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
- S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
- S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
- S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
- S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
- S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
- S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
- S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
- S_(SECCLASS_PROCESS, PROCESS__TASKFORPID, "taskforpid")
- S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
- S_(SECCLASS_MSG, MSG__SEND, "send")
- S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
- S_(SECCLASS_SHM, SHM__LOCK, "lock")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
- S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
- S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
- S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
- S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
- S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
- S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
- S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot")
- S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info")
- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
- S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
- S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
- S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
- S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
- S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner")
- S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid")
- S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill")
- S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid")
- S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid")
- S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap")
- S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable")
- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service")
- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast")
- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin")
- S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw")
>>> TRUNCATED FOR MAIL (1000 lines) <<<