- Add man page sections '(N)' to external references, and '()' on
functions described in the same man page.
- Escape minus signs when those are expected to be used on the command
line or files.
- Mark files and variables in italic; Note headings, function names,
constants, program options and man page references in bold.
- Do not justify and hyphenate SEE ALSO section, and avoid hyphenation
on symbol names by prepending them with \%.
- Remove trailing dot from NAME section description.
- Split sections with a no-op command '.', to visually distinguish them
but to avoid introducing spurious vertical space in the formatted
output.
- Add explicit .sp commands in the SYNOPSIS section between function
prototypes, and fix space placement in function prototypes.
- Split header includes with .br (instead of the explicit or implicit
.sp) so that they are vertically contiguous.
- Add missing {} around SELINUXTYPE and POLICYTYPE variable text in
paths.
- Remove unneeded formatting commands.
- Remove spurious blank lines.

Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

avc_open() creates the netlink socket in nonblocking mode. If the
application later takes control of the netlink socket with
avc_netlink_acquire_fd() and then calls avc_netlink_loop(), it
will fail with EWOULDBLOCK.
To remedy this, remove the O_NONBLOCK flag from the netlink socket
at the start of avc_netlink_loop(). Also, with this fix, there is
no need for avc_open() to ever create a blocking socket, so change
that and update the man page.
-v2: use poll() in avc_netlink_check_nb(). This makes both
avc_netlink_loop() and avc_netlink_check_nb() independent of the
O_NONBLOCK flag.
-v3: move poll() to avc_receive() internal function; patch by
KaiGai Kohei <kaigai@kaigai.gr.jp>
Signed-off-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
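
The failure mode described in the commit message above, next to a poll()-first receive of the kind its v2/v3 notes mention, as an added example (not libselinux code). A nonblocking AF_UNIX datagram socket pair is a constructed stand-in for the netlink socket, and recv_polled() and run_case() are hypothetical names.

```c
#include <errno.h>
#include <poll.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* poll() first, then recv(): the outcome no longer depends on O_NONBLOCK.
 * block != 0 waits for a message; block == 0 returns 0 when none is pending.
 * Returns bytes read, 0 if idle, -1 with errno set on error. */
static ssize_t recv_polled(int fd, void *buf, size_t len, int block)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int rc;
    do {
        rc = poll(&pfd, 1, block ? -1 : 0);
    } while (rc < 0 && errno == EINTR);
    if (rc <= 0)
        return rc;
    return recv(fd, buf, len, 0);
}

/* Runs one case on a fresh socket pair (constructed stand-in for the netlink
 * socket; SOCK_NONBLOCK sets O_NONBLOCK, the mode the message describes).
 * Returns bytes read, 0 if idle, or -errno. Do not combine block=1 with
 * queue_msg=0: nothing would ever arrive. */
int run_case(int use_poll, int block, int queue_msg)
{
    int fds[2], ret;
    char buf[16];
    if (socketpair(AF_UNIX, SOCK_DGRAM | SOCK_NONBLOCK, 0, fds) < 0)
        return -errno;
    if (queue_msg && send(fds[1], "reset", 5, 0) != 5) {
        ret = -errno;
    } else {
        ssize_t n = use_poll ? recv_polled(fds[0], buf, sizeof buf, block)
                             : recv(fds[0], buf, sizeof buf, 0);
        ret = n < 0 ? -errno : (int)n;
    }
    close(fds[0]); close(fds[1]);
    return ret;
}

int main(void)
{
    printf("bare recv, idle:  %d\n", run_case(0, 0, 0)); /* -EWOULDBLOCK */
    printf("poll first, idle: %d\n", run_case(1, 0, 0)); /* 0 */
    printf("poll first, msg:  %d\n", run_case(1, 1, 1)); /* 5 */
    return 0;
}
```
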
messages via netlink socket from SELinux.
* Two new callbacks were added to selinux_set_callback(3)
  - SELINUX_CB_SETENFORCE
    is invoked when it gets a SELNL_MSG_SETENFORCE message in
    avc_netlink_process().
  - SELINUX_CB_POLICYLOAD
    is invoked when it gets a SELNL_MSG_POLICYLOAD message in
    avc_netlink_process().
* Three functions were exposed to applications.
  - int avc_netlink_open(int blocking);
  - void avc_netlink_loop(void);
  - void avc_netlink_close(void);
For a few reasons, SE-PostgreSQL implements its own userspace
avc, so it needs to copy and paste some of avc_internal.c.
This update enables sharing the common part with such kinds of applications.

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>