From owner-trustedbsd-cvs@FreeBSD.ORG Thu Jan 25 15:11:55 2007
Date: Thu, 25 Jan 2007 15:11:40 GMT
Message-Id: <200701251511.l0PFBeNK053772@repoman.freebsd.org>
From: Todd Miller
To: Perforce Change Reviews
Subject: PERFORCE change 113508 for review

http://perforce.freebsd.org/chv.cgi?CH=113508

Change 113508 by millert@millert_macbook on 2007/01/25 15:11:29

Update to libselinux-1.34.0 from the NSA web site.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_add_callback.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_cache_stats.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_context_to_sid.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_has_perm.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_init.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/context_new.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/freecon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/get_ordered_context_list.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getcon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getexeccon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfilecon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfscreatecon.3#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getseuserbyname.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_context_customizable.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_selinux_enabled.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchmediacon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchpathcon.3#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_check_context.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_compute_av.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_getenforce.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_booleans.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_policy.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_policyvers.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_binary_policy_path.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_check_securetty_context.3#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_getenforcemode.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_policy_root.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_securetty_types_path.3#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/setfilecon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/avcstat.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getenforce.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getsebool.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/matchpathcon.8#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/selinuxenabled.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/setenforce.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/togglesebool.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_perm_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/class_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/file_path_suffixes.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/sedarwin_config.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_check_securetty_context.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_config.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_internal.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getdefaultcon.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/matchpathcon.c#3 edit
..
//depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/selinux_check_securetty_context.c#1 add Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#5 (text+ko) ==== @@ -1,3 +1,30 @@ +1.34.0 2007-01-18 + * Updated version for stable branch. + +1.33.6 2007-01-17 + * Merged man page updates to make "apropos selinux" work from Dan Walsh. + +1.33.5 2007-01-16 + * Merged getdefaultcon utility from Dan Walsh. + +1.33.4 2007-01-11 + * Merged selinux_check_securetty_context() and support from Dan Walsh. + +1.33.3 2007-01-04 + * Merged patch for matchpathcon utility to use file mode information + when available from Dan Walsh. + +1.33.2 2006-11-27 + * Merged patch to compile with -fPIC instead of -fpic from + Manoj Srivastava to prevent hitting the global offset table + limit. Patch changed to include libsepol and libsemanage in + addition to libselinux. + +1.33.1 2006-10-19 + * Merged updated flask definitions from Darrel Goeddel. + This adds the context security class, and also adds + the string definitions for setsockcreate and polmatch. + 1.32 2006-10-17 * Updated version for release. ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#5 (text+ko) ==== @@ -1,1 +1,1 @@ -1.32 +1.34.0 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#5 (text+ko) ==== @@ -438,7 +438,7 @@ #define PROCESS__EXECSTACK 0x04000000UL #define PROCESS__EXECHEAP 0x08000000UL #define PROCESS__SETKEYCREATE 0x10000000UL -#define PROCESS__TASKFORPID 0x20000000UL +#define PROCESS__SETSOCKCREATE 0x20000000UL #define IPC__CREATE 0x00000001UL #define IPC__DESTROY 0x00000002UL #define IPC__GETATTR 0x00000004UL 
@@ -895,18 +895,5 @@ #define KEY__LINK 0x00000010UL #define KEY__SETATTR 0x00000020UL #define KEY__CREATE 0x00000040UL -#define MACH_PORT__RELABELFROM 0x00000001UL -#define MACH_PORT__RELABELTO 0x00000002UL -#define MACH_PORT__SEND 0x00000004UL -#define MACH_PORT__RECV 0x00000008UL -#define MACH_PORT__MAKE_SEND 0x00000010UL -#define MACH_PORT__MAKE_SEND_ONCE 0x00000020UL -#define MACH_PORT__COPY_SEND 0x00000040UL -#define MACH_PORT__MOVE_SEND 0x00000080UL -#define MACH_PORT__MOVE_SEND_ONCE 0x00000100UL -#define MACH_PORT__MOVE_RECV 0x00000200UL -#define MACH_PORT__HOLD_SEND 0x00000400UL -#define MACH_PORT__HOLD_SEND_ONCE 0x00000800UL -#define MACH_PORT__HOLD_RECV 0x00001000UL -#define MACH_TASK__TERMINATE 0x00000001UL -#define MACH_TASK__SET_SPECIAL_PORT 0x00000002UL +#define CONTEXT__TRANSLATE 0x00000001UL +#define CONTEXT__CONTAINS 0x00000002UL ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#4 (text+ko) ==== @@ -63,8 +63,7 @@ #define SECCLASS_APPLETALK_SOCKET 56 #define SECCLASS_PACKET 57 #define SECCLASS_KEY 58 -#define SECCLASS_MACH_PORT 59 -#define SECCLASS_MACH_TASK 60 +#define SECCLASS_CONTEXT 59 /* * Security identifier indices for initial entities @@ -96,8 +95,7 @@ #define SECINITSID_POLICY 25 #define SECINITSID_SCMP_PACKET 26 #define SECINITSID_DEVNULL 27 -#define SECINITSID_DEVFS 28 -#define SECINITSID_NUM 28 +#define SECINITSID_NUM 27 #endif ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#4 (text+ko) ==== 
@@ -40,16 +40,14 @@ extern int setcon_raw(security_context_t con); /* Get context of process identified by pid, and - set *con to refer to it. Caller must free via freecon. - This has not been ported to SEBSD yet. */ -// extern int getpidcon(pid_t pid, security_context_t * con); -// extern int getpidcon_raw(pid_t pid, security_context_t * con); + set *con to refer to it. Caller must free via freecon. */ + extern int getpidcon(pid_t pid, security_context_t * con); + extern int getpidcon_raw(pid_t pid, security_context_t * con); /* Get previous context (prior to last exec), and set *con to refer to it. - Caller must free via freecon. - This has not been ported to SEBSD yet.*/ -// extern int getprevcon(security_context_t * con); -// extern int getprevcon_raw(security_context_t * con); + Caller must free via freecon. */ + extern int getprevcon(security_context_t * con); + extern int getprevcon_raw(security_context_t * con); /* Get exec context, and set *con to refer to it. Sets *con to NULL if no exec context has been set, i.e. using default. @@ -78,9 +76,10 @@ /* Get keycreate context, and set *con to refer to it. Sets *con to NULL if no key create context has been set, i.e. using default. - If non-NULL, caller must free via freecon. */ - extern int getkeycreatecon(security_context_t * con); - extern int getkeycreatecon_raw(security_context_t * con); + If non-NULL, caller must free via freecon. + This has not been ported to SEBSD yet. */ +// extern int getkeycreatecon(security_context_t * con); +// extern int getkeycreatecon_raw(security_context_t * con); /* Set the keycreate security context for subsequent key creations. Call with NULL if you want to reset to the default. */ 
@@ -150,16 +149,15 @@ struct av_decision *avd); /* Compute a labeling decision and set *newcon to refer to it. - Caller must free via freecon. - This has not been ported to SEBSD yet. */ -// extern int security_compute_create(security_context_t scon, -// security_context_t tcon, -// security_class_t tclass, -// security_context_t * newcon); -// extern int security_compute_create_raw(security_context_t scon, -// security_context_t tcon, -// security_class_t tclass, -// security_context_t * newcon); + Caller must free via freecon. */ + extern int security_compute_create(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + security_context_t * newcon); + extern int security_compute_create_raw(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + security_context_t * newcon); /* Compute a relabeling decision and set *newcon to refer to it. Caller must free via freecon. */ @@ -173,16 +171,15 @@ security_context_t * newcon); /* Compute a polyinstantiation member decision and set *newcon to refer to it. - Caller must free via freecon. - This has not been ported to SEBSD yet. */ -// extern int security_compute_member(security_context_t scon, -// security_context_t tcon, -// security_class_t tclass, -// security_context_t * newcon); -// extern int security_compute_member_raw(security_context_t scon, -// security_context_t tcon, -// security_class_t tclass, -// security_context_t * newcon); + Caller must free via freecon. */ + extern int security_compute_member(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + security_context_t * newcon); + extern int security_compute_member_raw(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + security_context_t * newcon); /* Compute the set of reachable user contexts and set *con to refer to the NULL-terminated array of contexts. Caller must free via freeconary. */ 
@@ -253,19 +250,16 @@ the active policy boolean configuration file. */ extern int security_load_booleans(char *path); -/* Check the validity of a security context. - * This has not been ported to SEBSD yet. */ -// extern int security_check_context(security_context_t con); -// extern int security_check_context_raw(security_context_t con); +/* Check the validity of a security context. */ + extern int security_check_context(security_context_t con); + extern int security_check_context_raw(security_context_t con); -/* Canonicalize a security context. - * These are not fully implemented in SEBSD yet. At the moment - * input = output. */ +/* Canonicalize a security context. */ extern int security_canonicalize_context(security_context_t con, security_context_t * canoncon); -// extern int security_canonicalize_context_raw(security_context_t con, -// security_context_t * -// canoncon); + extern int security_canonicalize_context_raw(security_context_t con, + security_context_t * + canoncon); /* Get the enforce flag value. */ extern int security_getenforce(void); @@ -316,7 +310,7 @@ validity of a context in the file contexts configuration. If not set, then this defaults to a test based on security_check_context(). The function is also responsible for reporting any such error, and - may include the 'path' and 'lineno' in such error messages. */ + may include the 'path' and 'lineno' in such error messages. */ extern void set_matchpathcon_invalidcon(int (*f) (const char *path, unsigned lineno, char *context)); @@ -324,7 +318,7 @@ /* Same as above, but also allows canonicalization of the context, by changing *context to refer to the canonical form. If not set, and invalidcon is also not set, then this defaults to calling - security_canonicalize_context(). */ + security_canonicalize_context(). */ extern void set_matchpathcon_canoncon(int (*f) (const char *path, unsigned lineno, char **context)); 
@@ -346,7 +340,7 @@ extern int matchpathcon_init(const char *path); /* Same as matchpathcon_init, but only load entries with - regexes that have stems that are prefixes of 'prefix'. */ + regexes that have stems that are prefixes of 'prefix'. */ extern int matchpathcon_init_prefix(const char *path, const char *prefix); @@ -425,6 +419,7 @@ extern const char *selinux_homedir_context_path(void); extern const char *selinux_media_context_path(void); extern const char *selinux_contexts_path(void); + extern const char *selinux_securetty_types_path(void); extern const char *selinux_booleans_path(void); extern const char *selinux_customizable_types_path(void); extern const char *selinux_users_path(void); @@ -439,6 +434,11 @@ // extern int selinux_check_passwd_access(access_vector_t requested); // extern int checkPasswdAccess(access_vector_t requested); +/* Check if the tty_context is defined as a securetty + Return 0 if secure, < 0 otherwise. */ + extern int selinux_check_securetty_context(security_context_t + tty_context); + /* Set the path to the selinuxfs mount point explicitly. Normally, this is determined automatically during libselinux initialization, but this is not always possible, e.g. for /sbin/init ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_add_callback.3#2 (text+ko) ==== @@ -3,7 +3,7 @@ .\" Author: Eamon Walsh (ewalsh@epoch.ncsc.mil) 2004 .TH "avc_add_callback" "3" "9 June 2004" "" "SE Linux API documentation" .SH "NAME" -avc_add_callback \- additional event notification for userspace object managers. +avc_add_callback \- additional event notification for SELinux userspace object managers. .SH "SYNOPSIS" .B #include .br @@ -181,3 +181,4 @@ .BR avc_context_to_sid (3), .BR avc_cache_stats (3), .BR security_compute_av (3) +.BR selinux (8) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_cache_stats.3#2 (text+ko) ==== 
@@ -3,7 +3,7 @@ .\" Author: Eamon Walsh (ewalsh@epoch.ncsc.mil) 2004 .TH "avc_cache_stats" "3" "27 May 2004" "" "SE Linux API documentation" .SH "NAME" -avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace AVC statistics. +avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics. .SH "SYNOPSIS" .B #include .br @@ -96,3 +96,4 @@ .BR avc_has_perm (3), .BR avc_context_to_sid (3), .BR avc_add_callback (3) +.BR selinux (8) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_context_to_sid.3#2 (text+ko) ==== @@ -3,7 +3,7 @@ .\" Author: Eamon Walsh (ewalsh@epoch.ncsc.mil) 2004 .TH "avc_context_to_sid" "3" "27 May 2004" "" "SE Linux API documentation" .SH "NAME" -avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate security ID's. +avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate SELinux security ID's. .SH "SYNOPSIS" .B #include .br @@ -88,3 +88,4 @@ .BR avc_add_callback (3), .BR getcon (3), .BR freecon (3) +.BR selinux (8) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_has_perm.3#2 (text+ko) ==== @@ -152,3 +152,4 @@ .BR avc_cache_stats (3), .BR avc_add_callback (3), .BR security_compute_av (3) +.BR selinux(8) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_init.3#2 (text+ko) ==== @@ -3,7 +3,7 @@ .\" Author: Eamon Walsh (ewalsh@epoch.ncsc.mil) 2004 .TH "avc_init" "3" "27 May 2004" "" "SE Linux API documentation" .SH "NAME" -avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace AVC setup and teardown. +avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown. .SH "SYNOPSIS" .B #include .br @@ -209,3 +209,5 @@ .BR avc_cache_stats (3), .BR avc_add_callback (3), .BR security_compute_av (3) +.BR selinux (8) + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/context_new.3#2 (text+ko) ==== 
@@ -56,3 +56,6 @@ On success, zero is returned. On failure, -1 is returned and errno is set appropriately. +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/freecon.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "freecon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -freecon, freeconary \- free memory associated with SE Linux security contexts. +freecon, freeconary \- free memory associated with SELinux security contexts. .SH "SYNOPSIS" .B #include .sp @@ -14,3 +14,7 @@ .B freeconary frees the memory allocated for a context array. + +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/get_ordered_context_list.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "get_ordered_context_list" "3" "1 January 2004" "russell@coker.com.au" "SE Linux" .SH "NAME" -get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user sessions +get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine SELinux context(s) for user sessions .SH "SYNOPSIS" .B #include @@ -77,4 +77,4 @@ The other functions return 0 for success or -1 for errors. .SH "SEE ALSO" -.BR freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)" +.BR selinux "(8), " freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)" ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getcon.3#2 (text+ko) ==== 
@@ -1,6 +1,6 @@ .TH "getcon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -getcon, getprevcon, getpidcon \- get SE Linux security context of a process. +getcon, getprevcon, getpidcon \- get SELinux security context of a process. .br getpeercon - get security context of a peer socket. .br @@ -59,4 +59,4 @@ On error -1 is returned. On success 0 is returned. .SH "SEE ALSO" -.BR freecon "(3), " setexeccon "(3)" +.BR selinux "(8), " freecon "(3), " setexeccon "(3)" ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getexeccon.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "getexeccon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -getexeccon, setexeccon \- get or set the SE Linux security context used for executing a new process. +getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process. .br rpm_execcon \- run a helper for rpm in an appropriate security context @@ -55,6 +55,6 @@ rpm_execcon only returns upon errors, as it calls execve(2). .SH "SEE ALSO" -.BR freecon "(3), " getcon "(3)" +.BR selinux "(8), " freecon "(3), " getcon "(3)" ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfilecon.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "getfilecon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -getfilecon, fgetfilecon, lgetfilecon \- get SE Linux security context of a file +getfilecon, fgetfilecon, lgetfilecon \- get SELinux security context of a file .SH "SYNOPSIS" .B #include .sp @@ -40,4 +40,4 @@ here. .SH "SEE ALSO" -.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)" +.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)" ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfscreatecon.3#3 (text+ko) ==== 
@@ -1,6 +1,6 @@ .TH "getfscreatecon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -getfscreatecon, setfscreatecon \- get or set the SE Linux security context used for creating a new file system object. +getfscreatecon, setfscreatecon \- get or set the SELinux security context used for creating a new file system object. .SH "SYNOPSIS" .B #include @@ -35,4 +35,4 @@ On success 0 is returned. .SH "SEE ALSO" -.BR freecon "(3), " getcon "(3), " getexeccon "(3)" +.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)" ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getseuserbyname.3#2 (text+ko) ==== @@ -23,3 +23,6 @@ The errors documented for the stat(2) system call are also applicable here. +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_context_customizable.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "is_context_customizable" "3" "10 January 2005" "dwalsh@redhat.com" "SELinux API documentation" .SH "NAME" -is_context_customizable \- check whether context type is customizable by the administrator. +is_context_customizable \- check whether SELinux context type is customizable by the administrator. .SH "SYNOPSIS" .B #include .sp @@ -20,3 +20,6 @@ .SH "FILE" /etc/selinux/SELINUXTYPE/context/customizable_types +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_selinux_enabled.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "is_selinux_enabled" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -is_selinux_enabled \- check whether SE Linux is enabled +is_selinux_enabled \- check whether SELinux is enabled .SH "SYNOPSIS" .B #include .sp 
@@ -9,3 +9,7 @@ .SH "DESCRIPTION" .B is_selinux_enabled returns 1 if SE Linux is running or 0 if it is not. May change soon. + +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchmediacon.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "matchmediacon" "3" "15 November 2004" "dwalsh@redhat.com" "SE Linux API documentation" .SH "NAME" -matchmediacon \- get the default security context for the specified mediatype from the policy. +matchmediacon \- get the default SELinux security context for the specified mediatype from the policy. .SH "SYNOPSIS" .B #include @@ -23,4 +23,4 @@ /etc/selinux/POLICYTYPE/contexts/files/media .SH "SEE ALSO" -.BR freecon "(3) +.BR selinux "(8), " freecon "(3) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchpathcon.3#3 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "matchpathcon" "3" "16 March 2005" "sds@tycho.nsa.gov" "SE Linux API documentation" .SH "NAME" -matchpathcon \- get the default security context for the specified path from the file contexts configuration. +matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration. .SH "SYNOPSIS" .B #include @@ -117,4 +117,4 @@ Returns 0 on success or -1 otherwise. .SH "SEE ALSO" -.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)" +.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)" ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_check_context.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "security_check_context" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -security_check_context \- check the validity of a context +security_check_context \- check the validity of a SELinux context .SH "SYNOPSIS" .B #include .sp 
@@ -10,3 +10,7 @@ .B security_check_context returns 0 if SE Linux is running and the context is valid, otherwise it returns -1. + +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_compute_av.3#2 (text+ko) ==== @@ -1,7 +1,7 @@ .TH "security_compute_av" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" security_compute_av, security_compute_create, security_compute_relabel, security_compute_user \- query -the SE Linux policy database in the kernel. +the SELinux policy database in the kernel. .SH "SYNOPSIS" .B #include @@ -51,4 +51,4 @@ 0 for success and on error -1 is returned. .SH "SEE ALSO" -.BR getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)" +.BR selinux "(8), " getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)" ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_getenforce.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "security_getenforce" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -security_getenforce, security_setenforce \- get or set the enforcing state of SE Linux +security_getenforce, security_setenforce \- get or set the enforcing state of SELinux .SH "SYNOPSIS" .B #include .sp @@ -17,3 +17,7 @@ sets SE Linux to enforcing mode if the value 1 is passed in, and sets it to permissive mode if 0 is passed in. On success 0 is returned, on error -1 is returned. + +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_booleans.3#2 (text+ko) ==== @@ -56,4 +56,4 @@ This manual page was written by Dan Walsh . .SH "SEE ALSO" -getsebool(8), booleans(8), togglesebool(8) +selinux(8), getsebool(8), booleans(8), togglesebool(8) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_policy.3#2 (text+ko) ==== 
@@ -1,6 +1,6 @@ .TH "security_load_policy" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -security_load_policy \- load a new policy +security_load_policy \- load a new SELinux policy .SH "SYNOPSIS" .B #include .sp @@ -9,3 +9,7 @@ .SH "DESCRIPTION" .B security_load_policy loads a new policy, returns 0 for success and -1 for error. + +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_policyvers.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "security_policyvers" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -security_policyvers \- get the version of the SE Linux policy +security_policyvers \- get the version of the SELinux policy .SH "SYNOPSIS" .B #include .sp @@ -10,3 +10,7 @@ .B security_policyvers returns the version of the policy (a positive integer) on success, or -1 on error. + +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_binary_policy_path.3#2 (text+ko) ==== @@ -4,7 +4,7 @@ selinux_failsafe_context_path, selinux_removable_context_path, selinux_default_context_path, selinux_user_contexts_path, selinux_file_context_path, selinux_media_context_path, -selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active policy configuration +selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active SELinux policy configuration directories and files. .SH "SYNOPSIS" @@ -27,6 +27,8 @@ .br extern const char *selinux_media_context_path(void); .br +extern const char *selinux_securetty_types_path(void); +.br extern const char *selinux_contexts_path(void); .br extern const char *selinux_booleans_path(void); 
@@ -56,8 +58,13 @@ .sp selinux_contexts_path() - directory containing all of the context configuration files .sp +selinux_securetty_types_path() - defines tty types for newrole securettys +.sp selinux_booleans_path() - initial policy boolean settings .SH AUTHOR This manual page was written by Dan Walsh . +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_getenforcemode.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation" .SH "NAME" -selinux_getenforcemode \- get the enforcing state of SE Linux +selinux_getenforcemode \- get the enforcing state of SELinux .SH "SYNOPSIS" .B #include .sp @@ -19,4 +19,7 @@ On success, zero is returned. On failure, -1 is returned. +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_policy_root.3#2 (text+ko) ==== @@ -14,4 +14,7 @@ On success, returns a directory path containing the SELinux policy files. On failure, NULL is returned. +.SH "SEE ALSO" +.BR selinux "(8)" + ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/setfilecon.3#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "setfilecon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" .SH "NAME" -setfilecon, fsetfilecon, lsetfilecon \- set SE Linux security context of a file +setfilecon, fsetfilecon, lsetfilecon \- set SELinux security context of a file .SH "SYNOPSIS" .B #include @@ -38,4 +38,4 @@ here. .SH "SEE ALSO" -.BR freecon "(3), " getfilecon "(3), " setfscreatecon "(3)" +.BR selinux "(3), " freecon "(3), " getfilecon "(3), " setfscreatecon "(3)" ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/avcstat.8#2 (text+ko) ==== 
@@ -22,6 +22,9 @@ .B \-f Specifies the location of the AVC statistics file, defaulting to '/selinux/avc/cache_stats'. +.SH "SEE ALSO" +selinux(8) + .SH AUTHOR This manual page was written by Dan Walsh . The program was written by James Morris . ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getenforce.8#2 (text+ko) ==== @@ -12,4 +12,4 @@ Dan Walsh, .SH "SEE ALSO" -setenforce(8), selinuxenabled(8) +selinux(8), setenforce(8), selinuxenabled(8) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getsebool.8#2 (text+ko) ==== @@ -26,9 +26,10 @@ .B \-a Show all SELinux booleans. +.SH "SEE ALSO" +selinux(8), setsebool(8), booleans(8) + .SH AUTHOR This manual page was written by Dan Walsh . The program was written by Tresys Technology. -.SH "SEE ALSO" -setsebool(8), booleans(8) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/matchpathcon.8#3 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "matchpathcon" "8" "21 April 2005" "dwalsh@redhat.com" "SE Linux Command Line documentation" .SH "NAME" -matchpathcon \- get the default security context for the specified path from the file contexts configuration. +matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration. .SH "SYNOPSIS" .B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath... @@ -27,4 +27,5 @@ This manual page was written by Dan Walsh . .SH "SEE ALSO" +.BR selinux "(8), " .BR mathpathcon "(3), " ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/selinuxenabled.8#2 (text+ko) ==== @@ -13,4 +13,4 @@ Dan Walsh, .SH "SEE ALSO" -setenforce(8), getenforce(8) +selinux(8), setenforce(8), getenforce(8) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/setenforce.8#2 (text+ko) ==== 
@@ -17,7 +17,7 @@ Dan Walsh, .SH "SEE ALSO" -getenforce(8), selinuxenabled(8) +selinux(8), getenforce(8), selinuxenabled(8) .SH FILES /etc/grub.conf, /etc/selinux/config ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/togglesebool.8#2 (text+ko) ==== @@ -1,6 +1,6 @@ .TH "togglesebool" "1" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation" .SH "NAME" -togglesebool \- flip the current value of a boolean +togglesebool \- flip the current value of a SELinux boolean .SH "SYNOPSIS" .B togglesebool boolean... @@ -14,4 +14,4 @@ This man page was written by Steve Grubb .SH "SEE ALSO" -booleans(8), getsebool(8), setsebool(8) +selinux(8), booleans(8), getsebool(8), setsebool(8) ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#7 (text+ko) ==== @@ -13,7 +13,8 @@ getfilecon.o getpeercon.o getpidcon.o getprevcon.o init.o \ is_customizable_type.o lgetfilecon.o load_migscs.o load_policy.o \ lsetfilecon.o matchmediacon.o matchpathcon.o policyvers.o \ - query_user_context.o sedarwin_config.o setcon.o setenforce.o \ + query_user_context.o sedarwin_config.o \ + selinux_check_securetty_context.o setcon.o setenforce.o \ setfilecon.o setrans_client.o seusers.o # The following require kernel support for fs and exec contexts ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_perm_to_string.h#4 (text+ko) ==== 
@@ -1,269 +1,269 @@ /* This file is automatically generated. Do not edit. */ - S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") - S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") - S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") - S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") - S_(SECCLASS_DIR, DIR__REPARENT, "reparent") - S_(SECCLASS_DIR, DIR__SEARCH, "search") - S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") - S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") - S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") - S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") - S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans") - S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint") - S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod") - S_(SECCLASS_FD, FD__USE, "use") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") - S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect") - S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") - S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") - S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") - S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") - S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") - S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") - S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") - S_(SECCLASS_NODE, 
NODE__RAWIP_SEND, "rawip_send") - S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") - S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") - S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") - S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") - S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") - S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") - S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") - S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") - S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") - S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") - S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") - S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") - S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") - S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") - S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") - S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") - S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") - S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") - S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") - S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") - S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") - S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") - S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") - S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") - S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") - S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") - S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") - S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec") - S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") - S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") - S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") - S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") - S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") - S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") - S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") - S_(SECCLASS_PROCESS, 
PROCESS__EXECMEM, "execmem") - S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") - S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") - S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate") - S_(SECCLASS_PROCESS, PROCESS__TASKFORPID, "taskforpid") - S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") - S_(SECCLASS_MSG, MSG__SEND, "send") - S_(SECCLASS_MSG, MSG__RECEIVE, "receive") - S_(SECCLASS_SHM, SHM__LOCK, "lock") - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") - S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") - S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") - S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") - S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") - S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") - S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam") - S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot") - S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") - S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") - S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") - S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") - S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") - S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override") - S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search") - S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner") - S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") - S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") - S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") - S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") - S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap") - S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") - S_(SECCLASS_CAPABILITY, 
CAPABILITY__NET_BIND_SERVICE, "net_bind_service") - S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") - S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") - S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") >>> TRUNCATED FOR MAIL (1000 lines) <<<
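Review bot: In security_load_policy.3, hunk @@ -1,6 +1,6 @@, the NAME line is switched to "SELinux" but the .TH line directly above it still ends with "SE Linux API documentation", so the rendered page header and footer keep the old spelling. The same leftover is visible in the .TH lines of security_policyvers.3, selinux_getenforcemode.3, setfilecon.3 and matchpathcon.8. If the goal is a consistent product name, update the .TH strings in the same change.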
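Review bot: In selinux_binary_policy_path.3, hunk @@ -4,7 +4,7 @@, the visible part of the NAME list goes from selinux_media_context_path straight to selinux_contexts_path, so selinux_securetty_types_path, which the later hunks add to SYNOPSIS and DESCRIPTION, is not listed in NAME. Add it between those two entries, matching the SYNOPSIS order, so that whatis and apropos index the new function.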
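Review bot: In selinux_binary_policy_path.3, hunk @@ -56,8 +58,13 @@, the new entry "selinux_securetty_types_path() - defines tty types for newrole securettys" reads as if the function itself defines the types, while the page's NAME line says these functions return paths. Reword it to say what the returned path points to, in the style of the neighbouring "directory containing all of the context configuration files". This hunk also places SEE ALSO after AUTHOR, whereas the avcstat.8 and getsebool.8 hunks in the same change place it before AUTHOR; pick one order.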
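Review bot: In setfilecon.3, hunk @@ -38,4 +38,4 @@, the new cross-reference is written as selinux "(3), " while every other page touched by this change refers to selinux "(8)". Unless a section 3 selinux page is intended, the line should start with .BR selinux "(8), " so the reference resolves to the same page as the rest of the set.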
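Review bot: In matchpathcon.8, hunk @@ -27,4 +27,5 @@, the added .BR selinux "(8), " sits directly above the context line .BR mathpathcon "(3), ", which misspells matchpathcon and ends the list with a dangling comma and space. Since the SEE ALSO block is being edited here anyway, correct the name to matchpathcon and drop the trailing separator from the last entry.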
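Review bot: In togglesebool.8, hunk @@ -1,6 +1,6 @@, the .TH line still declares section "1" although the file lives under man/man8 and its SEE ALSO lists only section 8 pages; correct the section number while the header area is being touched. Minor wording point on the added NAME line: the other pages in this change read naturally with "SELinux" after "the" or "of", but here "a SELinux boolean" would normally be "an SELinux boolean".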
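Review bot: In av_perm_to_string.h, hunk @@ -1,269 +1,269 @@, all 269 lines of a file whose first line says "This file is automatically generated. Do not edit." are replaced. Please confirm that the file was regenerated from its source rather than edited by hand, and state in the change description what differs (new permissions, reordering, or whitespace only), since a full-file rewrite of the permission name table cannot be reviewed line by line.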