selinux/libselinux/man/man3/selabel_open.3
Eamon Walsh 70aeeb918a
This patch allows selabel_*() interfaces to provide an expected security context
for the given database object identified by its name and object class.
It is necessary to implement a feature something like the restorecon on databases.

The specfile shall be described as follows:
  ------------------------
  #
  # The specfile for database objects
  # (for SE-PostgreSQL)
  #
  # <object class> <object name> <security context>
  #
  db_database     *               system_u:object_r:sepgsql_db_t:s0

  db_schema       *.pg_catalog    system_u:object_r:sepgsql_sys_schema_t:s0
  db_schema       *.*             system_u:object_r:sepgsql_schema_t:s0

  db_table        *.pg_catalog.*  system_u:object_r:sepgsql_sysobj_t:s0
  db_table        *.*.*           system_u:object_r:sepgsql_table_t:s0
  ------------------------

- All the characters after the '#' are ignored.
- Wildcards ('*' and '?') are available.
- It returns the first matching security context.

Note that the hierarchy of the namespace of database objects depends on the RDBMS.
So, the author of the specfile needs to write correct patterns which are suitable
for the target RDBMS. The patched selabel_*() interfaces don't have any
heuristics for the namespace hierarchy to be suitable for widespread RDBMSs.
In the case of SE-PgSQL, when we look up an expected security context for the
'my_table' table in the 'public' schema and 'postgres' database, the caller
shall provide 'postgres.public.my_table' as a key.

By default, it tries to read a specfile which maps database objects to security
contexts from /etc/selinux/$POLICYTYPE/contexts/sepgsql_contexts.
Note that when another RDBMS uses this interface, it needs to give an explicit
SELABEL_OPT_PATH option to selabel_open().

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
Acked-by: Eamon Walsh <ewalsh@tycho.nsa.gov>
2010-03-15 19:01:30 -04:00
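The specfile format and first-match lookup described in the commit message above, as an added C example (illustrative code, not libselinux's label_db backend): it parses a constructed copy of the sample specfile, ignores everything after '#', and resolves a key such as 'postgres.public.my_table' using fnmatch(3) for the '*' and '?' wildcards.

```c
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>

/* Constructed copy of the sample sepgsql_contexts specfile from the
 * commit message; a trailing comment is added to show '#' handling. */
static const char *sample_specfile =
    "# The specfile for database objects (for SE-PostgreSQL)\n"
    "db_database     *               system_u:object_r:sepgsql_db_t:s0\n"
    "\n"
    "db_schema       *.pg_catalog    system_u:object_r:sepgsql_sys_schema_t:s0\n"
    "db_schema       *.*             system_u:object_r:sepgsql_schema_t:s0\n"
    "db_table        *.pg_catalog.*  system_u:object_r:sepgsql_sysobj_t:s0 # system tables\n"
    "db_table        *.*.*           system_u:object_r:sepgsql_table_t:s0\n";

#define MAX_SPECS 64
static struct { char class[32]; char pattern[128]; char context[256]; } specs[MAX_SPECS];
static int nspecs;

/* Parse the specfile text into the spec table in file order; returns the
 * number of entries. Lines are "<object class> <object name> <context>";
 * all characters after '#' are ignored, blank lines are skipped. */
int db_spec_load(const char *text)
{
    char line[512];
    nspecs = 0;
    while (*text && nspecs < MAX_SPECS) {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);
        if (len >= sizeof line) len = sizeof line - 1;
        memcpy(line, text, len);
        line[len] = '\0';
        text = nl ? nl + 1 : text + len;
        char *hash = strchr(line, '#');          /* strip comment */
        if (hash) *hash = '\0';
        if (sscanf(line, "%31s %127s %255s", specs[nspecs].class,
                   specs[nspecs].pattern, specs[nspecs].context) == 3)
            nspecs++;
    }
    return nspecs;
}

/* Return the context of the first entry whose class equals 'class' and whose
 * pattern matches 'key' (fnmatch: '*' and '?' wildcards), or NULL if none. */
const char *db_spec_lookup(const char *class, const char *key)
{
    for (int i = 0; i < nspecs; i++)
        if (strcmp(specs[i].class, class) == 0 &&
            fnmatch(specs[i].pattern, key, 0) == 0)
            return specs[i].context;
    return NULL;
}
```

Because the first match wins, the more specific `*.pg_catalog.*` entry must precede `*.*.*`, exactly as in the sample specfile; swapping them would label system tables as ordinary tables.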


.\" Hey Emacs! This file is -*- nroff -*- source.
.\"
.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
.TH "selabel_open" "3" "18 Jun 2007" "" "SELinux API documentation"
.SH "NAME"
selabel_open, selabel_close \- userspace SELinux labeling interface.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.B #include <selinux/label.h>
.sp
.BI "struct selabel_handle *selabel_open(int " backend ,
.in +\w'struct selabel_handle *selabel_open('u
.BI "struct selinux_opt *" options ,
.BI "unsigned " nopt ");"
.in
.sp
.BI "void selabel_close(struct selabel_handle *" hnd ");"
.SH "DESCRIPTION"
.B selabel_open
is used to initialize a labeling handle to be used for lookup operations. The
.I backend
argument specifies which backend is to be opened; the list of current backends appears in
.B BACKENDS
below.
The
.I options
argument should be NULL or a pointer to an array of
.B selinux_opt
structures of length
.IR nopt :
.RS
.ta 4n 16n 24n
.nf
struct selinux_opt {
	int type;
	const char *value;
};
.fi
.ta
.RE
The available option types are described in
.B GLOBAL OPTIONS
below as well as in the documentation for each individual backend. The return value on success is a non-NULL value for use in subsequent label operations.
.B selabel_close
terminates use of a handle, freeing any internal resources associated with it. After this call has been made, the handle must not be used again.
.SH "GLOBAL OPTIONS"
Global options which may be passed to
.B selabel_open
include the following:
.TP
.B SELABEL_OPT_UNUSED
The option with a type code of zero is a no-op. Thus an array of options may be initialized to zero and any untouched elements will not cause an error.
.TP
.B SELABEL_OPT_VALIDATE
A non-null value for this option enables context validation. By default,
.BR security_check_context (3)
is used; a custom validation function can be provided via
.BR selinux_set_callback (3).
Note that an invalid context may not be treated as an error unless it is actually encountered during a lookup operation.
.SH "BACKENDS"
.TP
.B SELABEL_CTX_FILE
File contexts backend, described in
.BR selabel_file (5).
.TP
.B SELABEL_CTX_MEDIA
Media contexts backend, described in
.BR selabel_media (5).
.TP
.B SELABEL_CTX_X
X Windows contexts backend, described in
.BR selabel_x (5).
.TP
.B SELABEL_CTX_DB
Database objects contexts backend, described in
.BR selabel_db (5).
.SH "RETURN VALUE"
A non-NULL handle value is returned on success. On error, NULL is returned and
.I errno
is set appropriately.
.SH "AUTHOR"
Eamon Walsh <ewalsh@tycho.nsa.gov>
.SH "SEE ALSO"
.BR selabel_lookup (3),
.BR selabel_stats (3),
.BR selinux_set_callback (3),
.BR selinux (8)