RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux/libselinux/man/man5/selabel_file.5

221 lines
9.1 KiB
Groff
Raw Normal View History

initial import from svn trunk revision 2950
2008-08-19 19:30:36 +00:00
.\" Hey Emacs! This file is -*- nroff -*- source.
.\"
.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.TH "selabel_file" "5" "01 Dec 2011" "Security Enhanced Linux" "SELinux API documentation"
initial import from svn trunk revision 2950
2008-08-19 19:30:36 +00:00
.SH "NAME"
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
selabel_file \- userspace SELinux labeling interface and configuration file format for the file contexts backend
.
initial import from svn trunk revision 2950
2008-08-19 19:30:36 +00:00
.SH "SYNOPSIS"
.B #include <selinux/label.h>
.sp
.BI "int selabel_lookup(struct selabel_handle *" hnd ,
.in +\w'int selabel_lookup('u
Get rid of security_context_t and fix const declarations. In attempting to enable building various part of Android with -Wall -Werror, we found that the const security_context_t declarations in libselinux are incorrect; const char * was intended, but const security_context_t translates to char * const and triggers warnings on passing const char * from the caller. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value - there is no true encapsulation of the security context strings and callers already directly use string functions on them. typedef left to permit building legacy users until such a time as all are updated. This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7 from Android, augmented to deal with all of the other code in upstream libselinux and updating the man pages too. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com>
2014-02-19 14:16:17 +00:00
.BI "char **" context ,
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.br
.BI "const char *" path ", int " mode ");"
.in
.sp
.BI "int selabel_lookup_raw(struct selabel_handle *" hnd ,
.in +\w'int selabel_lookup('u
Get rid of security_context_t and fix const declarations. In attempting to enable building various part of Android with -Wall -Werror, we found that the const security_context_t declarations in libselinux are incorrect; const char * was intended, but const security_context_t translates to char * const and triggers warnings on passing const char * from the caller. Easiest fix is to replace them all with const char *. And while we are at it, just get rid of all usage of security_context_t itself as it adds no value - there is no true encapsulation of the security context strings and callers already directly use string functions on them. typedef left to permit building legacy users until such a time as all are updated. This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7 from Android, augmented to deal with all of the other code in upstream libselinux and updating the man pages too. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Eric Paris <eparis@redhat.com>
2014-02-19 14:16:17 +00:00
.BI "char **" context ,
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.br
initial import from svn trunk revision 2950
2008-08-19 19:30:36 +00:00
.BI "const char *" path ", int " mode ");"
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
.
initial import from svn trunk revision 2950
2008-08-19 19:30:36 +00:00
.SH "DESCRIPTION"
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
The file contexts backend maps from pathname/mode combinations into security contexts. It is used to find the appropriate context for each file when relabeling a file system. The returned \fIcontext\fR must be freed using \fBfreecon\fR(3).
.br
\fBselabel_lookup\fR(3) describes the function with its return and error codes, however the following \fIerrno\fR is clarified further for the file contexts backend:
.RS
.TP
.B ENOENT
No context corresponding to the \fIpath\fR and \fImode\fR was found - This will also be returned when the file contexts series of files have a context of \fB<<none>>\fR against the \fIpath\fR (see the \fBFILE FORMAT\fR section).
.RE
.sp
The \fIpath\fR argument should be set to the full pathname of the file whose assigned context is being checked. The \fImode\fR argument should be set to the mode bits of the file, as determined by \fBlstat\fR(2). \fImode\fR may be zero, however full matching may not occur.
.sp
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
Any messages generated by \fBselabel_lookup\fR(3) are sent to \fIstderr\fR
by default, although this can be changed by \fBselinux_set_callback\fR(3).
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.sp
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
.BR selabel_lookup_raw (3)
behaves identically to \fBselabel_lookup\fR(3) but does not perform context
translation.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.sp
The \fBFILES\fR section details the configuration files used to determine a file context.
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
.
initial import from svn trunk revision 2950
2008-08-19 19:30:36 +00:00
.SH "OPTIONS"
In addition to the global options described in
.BR selabel_open (3),
this backend recognizes the following options:
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.RS
initial import from svn trunk revision 2950
2008-08-19 19:30:36 +00:00
.TP
.B SELABEL_OPT_PATH
A non-null value for this option specifies a path to a file that will be opened in lieu of the standard file contexts file. This value is also used as the base name for determining the names of local customization files.
.TP
.B SELABEL_OPT_BASEONLY
A non-null value for this option indicates that any local customizations to the file contexts mapping should be ignored.
.TP
.B SELABEL_OPT_SUBSET
libselinux: matchpathcon/selabel_file: Fix man pages. As discussed in https://bugzilla.redhat.com/show_bug.cgi?id=1219718, there are several inconsistencies between the matchpathcon man page and the implementation. The same is true of the SELABEL_OPT_SUBSET option for the selabel_file backend. Fix the man pages for both. Also note in the man pages that the entire matchpathcon family of functions is deprecated and recommend use of the corresponding selabel interfaces for new code. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-11 13:53:37 +00:00
A non-null value for this option is interpreted as a path prefix, for example "/etc". Only file context specifications with starting with a first component that prefix matches the given prefix are loaded. This may increase lookup performance, however any attempt to look up a path not starting with the given prefix may fail. This optimization is no longer required due to the use of
.I file_contexts.bin
files and is deprecated.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.RE
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.SH "FILES"
The file context files used to retrieve the default context depends on the \fBSELABEL_OPT_PATH\fR parameter passed to \fBselabel_open\fR(3). If \fINULL\fR, then the \fBSELABEL_OPT_PATH\fR value will default to the active policy file contexts location (as returned by \fBselinux_file_context_path\fR(3)), otherwise the actual \fBSELABEL_OPT_PATH\fR value specified is used.
.sp
If \fBSELABEL_OPT_BASEONLY\fR is set, then the following files will be processed:
.RS
.IP "1." 4
The mandatory file contexts file that is either the fully qualified file name from \fISELABEL_OPT_PATH.value\fR or if \fINULL\fR, then the path returned by \fBselinux_file_context_path\fR(3).
.IP "2." 4
libselinux: improve the file_contexts.5 manual page Manual page improvements for the file_contexts and related policy configuration files (section 5): - create links to selabel_file.5 not only for file_contexts.5 but also for the other optional policy configuration files (including the so-called file contexts "substitution" files); - clarify the above mentioned manual page(s), in particular relatively to the action performed by the so-called file contexts "substitution" policy configuration files (aliasing/equivalence versus substitution); - improve the explanation of the form that the "substitution" files shall have. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Signed-off-by: Eric Paris <eparis@redhat.com>
2012-08-20 10:15:13 +00:00
The optional local and distribution substitution files that perform path aliasing on the 'in memory' version of the file contexts file.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.br
These files have the same name as the mandatory file contexts file with the extensions \fI.subs\fR and \fI.subs_dist\fR added.
.RE
.sp
If the \fBSELABEL_OPT_BASEONLY\fR is not set, then the following files will be processed:
.RS
.IP "1." 4
The mandatory file contexts file that is either the fully qualified file name from \fISELABEL_OPT_PATH.value\fR or if \fINULL\fR, then the path returned by \fBselinux_file_context_path\fR(3).
.IP "2." 4
The optional local customizations file that has the same name as the mandatory file contexts file with the extension \fI.local\fR added.
.br
\fBselinux_file_context_local_path\fR(3) will return the default path to this file.
.IP "3." 4
The optional user home directory customizations file that has the same name as the mandatory file contexts file with the extension \fI.homedirs\fR added.
.br
\fBselinux_file_context_homedir_path\fR(3) will return the default path to this file.
.IP "4." 4
libselinux: improve the file_contexts.5 manual page Manual page improvements for the file_contexts and related policy configuration files (section 5): - create links to selabel_file.5 not only for file_contexts.5 but also for the other optional policy configuration files (including the so-called file contexts "substitution" files); - clarify the above mentioned manual page(s), in particular relatively to the action performed by the so-called file contexts "substitution" policy configuration files (aliasing/equivalence versus substitution); - improve the explanation of the form that the "substitution" files shall have. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Signed-off-by: Eric Paris <eparis@redhat.com>
2012-08-20 10:15:13 +00:00
The optional local and distribution substitution files that perform any path aliasing on the 'in memory' version of the file contexts file (and the \fI.local\fR and/or \fI.homedirs\fR if present). These files have the same name as the mandatory file contexts file with the extensions \fI.subs\fR and \fI.subs_dist\fR added.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.br
\fBselinux_file_context_subs_path\fR(3) and \fBselinux_file_context_subs_dist_path\fR(3) will return the default paths to these files.
.RE
.sp
The default file context series of files are:
.RS
.I /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts
.br
.I /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.local
.br
.I /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.homedirs
.br
.I /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.subs
.br
.I /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.subs_dist
.RE
.sp
Where \fI{SELINUXTYPE}\fR is the entry from the selinux configuration file \fIconfig\fR (see \fBselinux_config\fR(5)).
.sp
Only the \fIfile_contexts\fR file is mandatory, the remainder are optional.
.sp
The entries within the file contexts series of files are shown in the \fBFILE FORMAT\fR section.
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.SH "FILE FORMAT"
.sp
.SH "File Contexts Format"
.sp
Each line within the \fIfile_contexts\fR and the two customization files (\fI.local\fR and \fI.homedirs\fR) is as follows:
.sp
.RS
.I pathname [file_type] context
.RE
.sp
Where:
.br
.RS
.I pathname
.RS
An entry that defines the pathname that may be in the form of a regular expression.
.RE
.I file_type
.RS
An optional file type consisting of:
.RS
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
\fI\-b\fR - Block Device \fI\-c\fR - Character Device
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.br
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
\fI\-d\fR - Directory \fI\-p\fR - Named Pipe
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.br
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
\fI\-l\fR - Symbolic Link \fI\-s\fR - Socket
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.br
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
\fI\-\-\fR - Ordinary file
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.RE
.RE
.I context
.RS
This entry can be either:
.RS
.IP "a." 4
The security context that will be assigned to the file (i.e. returned as \fIcontext\fR).
.IP "b." 4
A value of \fB<<none>>\fR can be used to indicate that the matching files should not be re-labeled and causes \fBselabel_lookup\fR(3) to return \-1 with \fIerrno\fR set to \fBENOENT\fR.
.RE
.RE
.RE
.sp
Example:
.RS
# ./contexts/files/file_contexts
.br
# pathname file_type context
.br
/.* system_u:object_r:default_t:s0
.br
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
/[^/]+ \-\- system_u:object_r:etc_runtime_t:s0
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.br
/tmp/.* <<none>>
.RE
.sp
.SH "Substitution File Format"
.sp
libselinux: improve the file_contexts.5 manual page Manual page improvements for the file_contexts and related policy configuration files (section 5): - create links to selabel_file.5 not only for file_contexts.5 but also for the other optional policy configuration files (including the so-called file contexts "substitution" files); - clarify the above mentioned manual page(s), in particular relatively to the action performed by the so-called file contexts "substitution" policy configuration files (aliasing/equivalence versus substitution); - improve the explanation of the form that the "substitution" files shall have. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Signed-off-by: Eric Paris <eparis@redhat.com>
2012-08-20 10:15:13 +00:00
Each line within the substitution files (\fI.subs\fR and \fI.subs_dist\fR) has the form:
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.RS
libselinux: improve the file_contexts.5 manual page Manual page improvements for the file_contexts and related policy configuration files (section 5): - create links to selabel_file.5 not only for file_contexts.5 but also for the other optional policy configuration files (including the so-called file contexts "substitution" files); - clarify the above mentioned manual page(s), in particular relatively to the action performed by the so-called file contexts "substitution" policy configuration files (aliasing/equivalence versus substitution); - improve the explanation of the form that the "substitution" files shall have. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Signed-off-by: Eric Paris <eparis@redhat.com>
2012-08-20 10:15:13 +00:00
.I subs_pathname pathname
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.RE
.sp
Where:
.RS
.I pathname
.RS
libselinux: improve the file_contexts.5 manual page Manual page improvements for the file_contexts and related policy configuration files (section 5): - create links to selabel_file.5 not only for file_contexts.5 but also for the other optional policy configuration files (including the so-called file contexts "substitution" files); - clarify the above mentioned manual page(s), in particular relatively to the action performed by the so-called file contexts "substitution" policy configuration files (aliasing/equivalence versus substitution); - improve the explanation of the form that the "substitution" files shall have. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Signed-off-by: Eric Paris <eparis@redhat.com>
2012-08-20 10:15:13 +00:00
A path that matches an entry in one or more of the file contexts policy configuration file.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.RE
.I subs_pathname
.RS
libselinux: improve the file_contexts.5 manual page Manual page improvements for the file_contexts and related policy configuration files (section 5): - create links to selabel_file.5 not only for file_contexts.5 but also for the other optional policy configuration files (including the so-called file contexts "substitution" files); - clarify the above mentioned manual page(s), in particular relatively to the action performed by the so-called file contexts "substitution" policy configuration files (aliasing/equivalence versus substitution); - improve the explanation of the form that the "substitution" files shall have. Signed-off-by: Guido Trentalancia <guido@trentalancia.com> Signed-off-by: Eric Paris <eparis@redhat.com>
2012-08-20 10:15:13 +00:00
The path that will be aliased (considered equivalent) with pathname by the look up process.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.RE
.RE
.sp
Example:
.RS
# ./contexts/files/file_contexts.subs
.br
# pathname subs_pathname
.br
/myweb /var/www
.br
/myspool /var/spool/mail
.sp
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
Using the above example, when \fBselabel_lookup\fR(3) is passed a path of
\fI/myweb/index.html\fR the function will substitute the \fI/myweb\fR
component with \fI/var/www\fR, therefore the path used is:
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.sp
.RS
.I /var/www/index.html
.RE
.RE
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.SH "NOTES"
.IP "1." 4
If contexts are to be validated, then the global option \fBSELABEL_OPT_VALIDATE\fR must be set before calling \fBselabel_open\fR(3). If this is not set, then it is possible for an invalid context to be returned.
.IP "2." 4
If the size of file contexts series of files contain many entries, then \fBselabel_open\fR(3) may have a delay as it reads in the files, and if
libselinux: matchpathcon/selabel_file: Fix man pages. As discussed in https://bugzilla.redhat.com/show_bug.cgi?id=1219718, there are several inconsistencies between the matchpathcon man page and the implementation. The same is true of the SELABEL_OPT_SUBSET option for the selabel_file backend. Fix the man pages for both. Also note in the man pages that the entire matchpathcon family of functions is deprecated and recommend use of the corresponding selabel interfaces for new code. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2015-05-11 13:53:37 +00:00
requested validates the entries.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.IP "3." 4
Depending on the version of SELinux it is possible that a \fIfile_contexts.template\fR file may also be present, however this is now deprecated.
.br
The template file has the same format as the \fIfile_contexts\fR file and may also contain the keywords \fBHOME_ROOT\fR, \fBHOME_DIR\fR, \fBROLE\fR and \fBUSER\fR. This functionality has now been moved to the policy store and managed by \fBsemodule\fR(8) and \fBgenhomedircon\fR(8).
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
.
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.SH "SEE ALSO"
libselinux: man: Fix man pages formatting - Add man page sections '(N)' to external references, and '()' on functions described in the same man page. - Escape minus signs when those are expected to be used on the command line or files. - Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold. - Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%. - Remove trailing dot from NAME section description. - Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output. - Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function protoypes. - Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous. - Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths. - Remove unneeded formatting commands. - Remove spurious blank lines. Signed-off-by: Guillem Jover <guillem@debian.org> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2012-11-13 20:15:34 +00:00
.ad l
.nh
libselinux: Updated selabel_file(5) man page Updated selabel_file(5) with file context configuration file format and added file_contexts(5) man page that links to it. selabel_file(5) also describes the .local, .homedirs, .subs and .subs_dist configuration file formats. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
2011-12-01 16:22:05 +00:00
.BR selinux "(8), " selabel_open "(3), " selabel_lookup "(3), " selabel_stats "(3), " selabel_close "(3), " selinux_set_callback "(3), " selinux_file_context_path "(3), " freecon "(3), " selinux_config "(5), " lstat "(2), "selinux_file_context_subs_path "(3), " selinux_file_context_subs_dist_path "(3), " selinux_file_context_homedir_path "(3), "selinux_file_context_local_path "(3), " semodule "(8), " genhomedircon "(8) "