mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-24 06:12:46 +00:00
6ef13eeda7
- Add man page sections '(N)' to external references, and '()' on functions described in the same man page.
- Escape minus signs when those are expected to be used on the command line or files.
- Mark files and variables in italic; Note headings, function names, constants, program options and man page references in bold.
- Do not justify and hyphenate SEE ALSO section, and avoid hyphenation on symbol names by prepending them with \%.
- Remove trailing dot from NAME section description.
- Split sections with a no-op command '.', to visually distinguish them but to avoid introducing spurious vertical space in the formatted output.
- Add explicit .sp commands in the SYNOPSIS section between function prototypes, and fix space placement in function prototypes.
- Split header includes with .br (instead of the explicit or implicit .sp) so that they are vertically contiguous.
- Add missing {} around SELINUXTYPE and POLICYTYPE variable text in paths.
- Remove unneeded formatting commands.
- Remove spurious blank lines.

Signed-off-by: Guillem Jover <guillem@debian.org>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
85 lines
2.6 KiB
Groff
.\" Hey Emacs! This file is -*- nroff -*- source.
.\"
.\" Author: KaiGai Kohei (kaigai@ak.jp.nec.com) 2009
.TH "avc_netlink_loop" "3" "30 Mar 2009" "" "SELinux API documentation"
.SH "NAME"
avc_netlink_open, avc_netlink_close, avc_netlink_acquire_fd,
avc_netlink_release_fd, avc_netlink_check_nb, avc_netlink_loop \- SELinux
netlink processing
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.br
.B #include <selinux/avc.h>
.sp
.BI "int avc_netlink_open(int " blocking ");"
.sp
.B void avc_netlink_close(void);
.sp
.B int avc_netlink_acquire_fd(void);
.sp
.B void avc_netlink_release_fd(void);
.sp
.B void avc_netlink_loop(void);
.sp
.B int avc_netlink_check_nb(void);
.
.SH "DESCRIPTION"
These functions enable applications to handle notification of SELinux events
via netlink. The userspace AVC normally checks for netlink messages on each
call to
.BR avc_has_perm (3).
Applications may wish to override this behavior and check for notification
separately, for example in a
.BR select (2)
loop. These functions also permit netlink monitoring without requiring a
call to
.BR avc_open (3).

.BR avc_netlink_open ()
opens a netlink socket to receive SELinux notifications. The socket
descriptor is stored internally; use
.BR avc_netlink_acquire_fd (3)
to take ownership of it in application code. The
.I blocking
argument controls whether the O_NONBLOCK flag is set on the socket descriptor.
.BR avc_open (3)
calls this function internally, specifying non-blocking behavior.

.BR avc_netlink_close ()
closes the netlink socket. This function is called automatically by
.BR avc_destroy (3).

.BR avc_netlink_acquire_fd ()
returns the netlink socket descriptor number and informs the userspace AVC
not to check the socket descriptor automatically on calls to
.BR avc_has_perm (3).

.BR avc_netlink_release_fd ()
returns control of the netlink socket to the userspace AVC, re-enabling
automatic processing of notifications.

.BR avc_netlink_check_nb ()
checks the netlink socket for pending messages and processes them.
Callbacks for policyload and enforcing changes will be called;
see
.BR selinux_set_callback (3).
This function does not block.

.BR avc_netlink_loop ()
enters a loop blocking on the netlink socket and processing messages as they
are received. This function will not return unless an error occurs on
the socket, in which case the socket is closed.
.
.SH "RETURN VALUE"
.BR avc_netlink_acquire_fd ()
returns a non-negative file descriptor number on success. Other functions
with a return value return zero on success. On error, \-1 is returned and
.I errno
is set appropriately.
.
.SH "SEE ALSO"
.BR avc_open (3),
.BR selinux_set_callback (3),
.BR selinux (8)
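The select(2) pattern mentioned in the DESCRIPTION, as an added example that is not part of the libselinux sources or of this man page: the program takes ownership of the netlink descriptor, waits on it itself, and lets avc_netlink_check_nb() drain it so the policyload and setenforce callbacks fire. The names wait_readable, on_policyload and on_setenforce and the WITH_LIBSELINUX build guard are hypothetical; the guard only lets the select helper compile on hosts without libselinux.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>
#ifdef WITH_LIBSELINUX  /* full program: cc -DWITH_LIBSELINUX demo.c -lselinux */
#include <selinux/selinux.h>
#include <selinux/avc.h>
#endif

/* Hypothetical helper: 1 = fd readable, 0 = timeout, -1 = error (errno set). */
int wait_readable(int fd, int timeout_ms)
{
    if (fd < 0 || fd >= FD_SETSIZE) { errno = EBADF; return -1; }
    for (;;) {
        fd_set rfds;
        struct timeval tv = { .tv_sec = timeout_ms / 1000,
                              .tv_usec = (timeout_ms % 1000) * 1000 };
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);  /* a real daemon adds its other descriptors here */
        int rc = select(fd + 1, &rfds, NULL, NULL, &tv);
        if (rc >= 0) return rc > 0;
        if (errno != EINTR) return -1;  /* restart only on signal interruption */
    }
}

#ifdef WITH_LIBSELINUX
/* Invoked from inside avc_netlink_check_nb(); see selinux_set_callback(3). */
static int on_policyload(int seqno) { fprintf(stderr, "policy reload, seqno %d\n", seqno); return 0; }
static int on_setenforce(int enforcing) { fprintf(stderr, "enforcing=%d\n", enforcing); return 0; }

int main(void)
{
    selinux_set_callback(SELINUX_CB_POLICYLOAD,
        (union selinux_callback){ .func_policyload = on_policyload });
    selinux_set_callback(SELINUX_CB_SETENFORCE,
        (union selinux_callback){ .func_setenforce = on_setenforce });
    if (avc_netlink_open(0) < 0) { perror("avc_netlink_open"); return 1; } /* 0: O_NONBLOCK set */
    int fd = avc_netlink_acquire_fd();  /* the AVC no longer polls it on avc_has_perm() */
    int rc;
    while ((rc = wait_readable(fd, 1000)) >= 0)
        if (rc > 0 && avc_netlink_check_nb() < 0) break;
    perror("SELinux netlink");          /* reached only after an error */
    avc_netlink_release_fd();
    avc_netlink_close();
    return 1;
}
#endif
```

An object manager that caches access decisions would invalidate that cache in on_policyload rather than only logging.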