RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2024-12-12 17:15:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
6ef13eeda7
selinux/libselinux/man/man3/getcon.3
Guillem Jover 6ef13eeda7 libselinux: man: Fix man pages formatting 
- Add man page sections '(N)' to external references, and '()' on
  functions described in the same man page.
- Escape minus signs when those are expected to be used on the command
  line or files.
- Mark files and variables in italic; Note headings, function names,
  constants, program options and man page references in bold.
- Do not justify and hyphenate SEE ALSO section, and avoid hyphenation
  on symbol names by prepending them with \%.
- Remove trailing dot from NAME section description.
- Split sections with a no-op command '.', to visually distinguish them
  but to avoid introducing spurious vertical space in the formatted
  output.
- Add explicit .sp commands in the SYNOPSIS section between function
  prototypes, and fix space placement in function protoypes.
- Split header includes with .br (instead of the explicit or implicit
  .sp) so that they are vertically contiguous.
- Add missing {} around SELINUXTYPE and POLICYTYPE variable text in
  paths.
- Remove unneeded formatting commands.
- Remove spurious blank lines.

Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
2013-02-05 20:14:43 -05:00

100 lines
2.7 KiB
Groff
Raw Blame History

.TH "getcon" "3" "21 December 2011" "russell@coker.com.au" "SELinux API documentation"
.SH "NAME"
getcon, getprevcon, getpidcon \- get SELinux security context of a process
freecon, freeconary \- free memory associated with SELinux security contexts
getpeercon \- get security context of a peer socket
setcon \- set current security context of a process
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.BI "int getcon(security_context_t *" context );
.sp
.BI "int getprevcon(security_context_t *" context );
.sp
.BI "int getpidcon(pid_t " pid ", security_context_t *" context );
.sp
.BI "int getpeercon(int " fd ", security_context_t *" context );
.sp
.BI "void freecon(security_context_t "con );
.sp
.BI "void freeconary(security_context_t *" con );
.sp
.BI "int setcon(security_context_t " context );
.
.SH "DESCRIPTION"
.BR getcon ()
retrieves the context of the current process, which must be free'd with
freecon.
.BR getprevcon ()
same as getcon but gets the context before the last exec.
.BR getpidcon ()
returns the process context for the specified PID.
.BR getpeercon ()
retrieves context of peer socket, and set
.BI * context
to refer to it, which must be free'd with
.BR freecon ().
.BR freecon ()
frees the memory allocated for a security context.
.BR freeconary ()
frees the memory allocated for a context array.
If
.I con
is NULL, no operation is performed.
.BR setcon ()
sets the current security context of the process to a new value. Note
that use of this function requires that the entire application be
trusted to maintain any desired separation between the old and new
security contexts, unlike exec-based transitions performed via
.BR setexeccon (3).
When possible, decompose your application and use
.BR setexeccon (3)
and
.BR execve (3)
instead.
Since access to file descriptors is revalidated upon use by SELinux,
the new context must be explicitly authorized in the policy to use the
descriptors opened by the old context if that is desired. Otherwise,
attempts by the process to use any existing descriptors (including
.IR stdin ,
.IR stdout ,
and
.IR stderr )
after performing the
.BR setcon ()
will fail.
A multi-threaded application can perform a
.BR setcon ()
prior to creating
any child threads, in which case all of the child threads will inherit
the new context. However,
.BR setcon ()
will fail if there are any other
threads running in the same process.
If the process was being ptraced at the time of the
.BR setcon ()
operation, ptrace permission will be revalidated against the new
context and the
.BR setcon ()
will fail if it is not allowed by policy.
.
.SH "RETURN VALUE"
On error \-1 is returned. On success 0 is returned.
.
.SH "SEE ALSO"
.BR selinux "(8), " setexeccon "(3)"
Reference in New Issue View Git Blame Copy Permalink