libselinux: selinux_restorecon.3 man page corrections.

Fix typos and clarify usage.

Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Richard Haines 2016-02-21 15:35:29 +00:00 committed by Stephen Smalley
parent 6c20534b6f
commit 945cad865a

@ -6,7 +6,7 @@ selinux_restorecon \- restore file(s) default SELinux security contexts
.SH "SYNOPSIS" .SH "SYNOPSIS"
.B #include <selinux/restorecon.h> .B #include <selinux/restorecon.h>
.sp .sp
.BI "int selinux_restorecon(const char **" pathname , .BI "int selinux_restorecon(const char *" pathname ,
.in +\w'int selinux_restorecon('u .in +\w'int selinux_restorecon('u
.br .br
.BI "unsigned int " restorecon_flags ");" .BI "unsigned int " restorecon_flags ");"
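Review bot: The SYNOPSIS line for selinux_restorecon() changes the documented type of pathname from "const char **" to "const char *", which is an API documentation correction rather than a typo. Please say so in the commit message and confirm the new line matches the prototype in selinux/restorecon.h, since callers copy the synopsis verbatim.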
@ -14,7 +14,10 @@ selinux_restorecon \- restore file(s) default SELinux security contexts
. .
.SH "DESCRIPTION" .SH "DESCRIPTION"
.BR selinux_restorecon () .BR selinux_restorecon ()
restores file default security contexts based on: restores file default security contexts on filesystems that support extended
attributes (see
.BR xattr (7)),
based on:
.sp .sp
.RS .RS
.IR pathname .IR pathname
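Review bot: The added DESCRIPTION text cites xattr(7), but the SEE ALSO context visible at the end of this patch shows no added entry for it. If xattr(7) is not already listed there, add it in this commit so the new cross-reference is also discoverable from SEE ALSO.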
@ -40,7 +43,7 @@ flag set. If any of the specfiles had been updated, the digest
will also be updated. However if the digest is the same, no relabeling checks will also be updated. However if the digest is the same, no relabeling checks
will take place (unless the will take place (unless the
.B SELINUX_RESTORECON_IGNORE_DIGEST .B SELINUX_RESTORECON_IGNORE_DIGEST
is set). flag is set).
.sp .sp
.IR restorecon_flags .IR restorecon_flags
contains the labeling option/rules as follows: contains the labeling option/rules as follows:
@ -53,7 +56,7 @@ specfiles SHA1 digest. The specfiles digest will be written to the
.IR security.restorecon_last .IR security.restorecon_last
extended attribute once relabeling has been completed successfully provided the extended attribute once relabeling has been completed successfully provided the
.B SELINUX_RESTORECON_NOCHANGE .B SELINUX_RESTORECON_NOCHANGE
has not been set. flag has not been set.
.sp .sp
.B SELINUX_RESTORECON_NOCHANGE .B SELINUX_RESTORECON_NOCHANGE
don't change any file labels (passive check) or update the digest in the don't change any file labels (passive check) or update the digest in the
@ -62,7 +65,7 @@ extended attribute.
.sp .sp
.B SELINUX_RESTORECON_SET_SPECFILE_CTX .B SELINUX_RESTORECON_SET_SPECFILE_CTX
If set, reset the files label to match the default specfile context. If set, reset the files label to match the default specfile context.
if not set only reset the files "type" component of the context to match the If not set only reset the files "type" component of the context to match the
default specfile context. default specfile context.
.br .br
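Review bot: In the SELINUX_RESTORECON_SET_SPECFILE_CTX paragraph only the capital "If" is fixed; "the files label" and "the files "type" component" still lack the possessive apostrophe, and "If not set only reset" reads more clearly with a comma after "set". Since this commit is already a wording pass over these two sentences, fix them here too.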
@ -114,8 +117,8 @@ to set the handle to be used by
.sp .sp
If the If the
.I pathname .I pathname
is a directory path, then it is possible to set files/directories to be exluded is a directory path, then it is possible to set files/directories to be
from the path by calling excluded from the path by calling
.BR selinux_restorecon_set_exclude_list (3) .BR selinux_restorecon_set_exclude_list (3)
with a with a
.B NULL .B NULL
@ -177,15 +180,20 @@ is not set).
.B /sys .B /sys
and in-memory filesystems do not support the and in-memory filesystems do not support the
.IR security.restorecon_last .IR security.restorecon_last
extended attribute. extended attribute and are automatically excluded from any relabeling checks.
.sp .sp
.BR selinux_restorecon () .BR selinux_restorecon ()
does not check whether the mounted filesystems support the does not check whether mounted filesystems support the
.B seclabel .B seclabel
option. These should be set by the caller by option (i.e. support extended attributes as described in
.BR xattr (7)).
To exclude these filesystems from any relabeling checks
.BR selinux_restorecon_set_exclude_list (3) .BR selinux_restorecon_set_exclude_list (3)
in the should be called prior to
.IR exclude_list . .BR selinux_restorecon ()
with a NULL terminated
.IR exclude_list
of these filesystems.
. .
.SH "SEE ALSO" .SH "SEE ALSO"
.BR selinux_restorecon_set_sehandle (3), .BR selinux_restorecon_set_sehandle (3),
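Review bot: In the rewritten seclabel paragraph, "To exclude these filesystems" has no clear antecedent: the preceding sentence talks about whether mounted filesystems support seclabel, so "these" should be spelled out as the filesystems that do not support it. The new "NULL terminated" is also plain text while the earlier exclude-list paragraph formats NULL with .B; use the same markup in both places. Because the page states that selinux_restorecon() performs no seclabel check itself, the wording of this caller obligation should be unambiguous.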