From patchwork Sun Feb 21 15:35:29 2016
X-Patchwork-Submitter: Richard Haines
X-Patchwork-Id: 8368421
From: Richard Haines
To: selinux@tycho.nsa.gov
Subject: [PATCH] libselinux: selinux_restorecon.3 man page corrections.
Date: Sun, 21 Feb 2016 15:35:29 +0000
Message-Id: <1456068929-20352-1-git-send-email-richard_c_haines@btinternet.com>

Fix typos and clarify usage.

Reported-by: Nicolas Iooss
Signed-off-by: Richard Haines

--- libselinux/man/man3/selinux_restorecon.3 | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3 index 152b29c..0293c4d 100644 --- a/libselinux/man/man3/selinux_restorecon.3 +++ b/libselinux/man/man3/selinux_restorecon.3 @@ -6,7 +6,7 @@ selinux_restorecon \- restore file(s) default SELinux security contexts .SH "SYNOPSIS" .B #include .sp -.BI "int selinux_restorecon(const char **" pathname , +.BI "int selinux_restorecon(const char *" pathname , .in +\w'int selinux_restorecon('u .br .BI "unsigned int " restorecon_flags ");" @@ -14,7 +14,10 @@ selinux_restorecon \- restore file(s) default SELinux security contexts . .SH "DESCRIPTION" .BR selinux_restorecon () -restores file default security contexts based on: +restores file default security contexts on filesystems that support extended +attributes (see +.BR xattr (7)), +based on: .sp .RS .IR pathname 
@@ -40,7 +43,7 @@ flag set. If any of the specfiles had been updated, the digest will also be updated. However if the digest is the same, no relabeling checks will take place (unless the .B SELINUX_RESTORECON_IGNORE_DIGEST -is set). +flag is set). .sp .IR restorecon_flags contains the labeling option/rules as follows: @@ -53,7 +56,7 @@ specfiles SHA1 digest. The specfiles digest will be written to the .IR security.restorecon_last extended attribute once relabeling has been completed successfully provided the .B SELINUX_RESTORECON_NOCHANGE -has not been set. +flag has not been set. .sp .B SELINUX_RESTORECON_NOCHANGE don't change any file labels (passive check) or update the digest in the @@ -62,7 +65,7 @@ extended attribute. .sp .B SELINUX_RESTORECON_SET_SPECFILE_CTX If set, reset the files label to match the default specfile context. -if not set only reset the files "type" component of the context to match the +If not set only reset the files "type" component of the context to match the default specfile context. .br @@ -114,8 +117,8 @@ to set the handle to be used by .sp If the .I pathname -is a directory path, then it is possible to set files/directories to be exluded -from the path by calling +is a directory path, then it is possible to set files/directories to be +excluded from the path by calling .BR selinux_restorecon_set_exclude_list (3) with a .B NULL 
@@ -177,15 +180,20 @@ is not set). .B /sys and in-memory filesystems do not support the .IR security.restorecon_last -extended attribute. +extended attribute and are automatically excluded from any relabeling checks. .sp .BR selinux_restorecon () -does not check whether the mounted filesystems support the +does not check whether mounted filesystems support the .B seclabel -option. These should be set by the caller by +option (i.e. support extended attributes as described in +.BR xattr (7)). +To exclude these filesystems from any relabeling checks .BR selinux_restorecon_set_exclude_list (3) -in the -.IR exclude_list . +should be called prior to +.BR selinux_restorecon () +with a NULL terminated +.IR exclude_list +of these filesystems. . .SH "SEE ALSO" .BR selinux_restorecon_set_sehandle (3),
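Review bot: In the DESCRIPTION hunk (@@ -14,7 +14,10 @@), the new wording "restores file default security contexts on filesystems that support extended attributes" can be read as a guarantee that the function itself restricts its work to such filesystems, while the NOTES hunk (@@ -177,15 +180,20 @@) states that selinux_restorecon() does not check whether mounted filesystems support seclabel. Suggest adding a pointer to NOTES here, or wording it as a requirement on the caller, so the two sections cannot be read as contradicting each other.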
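Review bot: In the SELINUX_RESTORECON_SET_SPECFILE_CTX hunk (@@ -62,7 +65,7 @@), the corrected line still reads `If not set only reset the files "type" component`: the possessive "files" is missing its apostrophe and there is no comma after "If not set". The unchanged line above it, "reset the files label", has the same possessive problem. Since this patch is a typo pass, suggest "If not set, only reset the file's "type" component" and "reset the file's label" in the same change.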
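Review bot: In the NOTES hunk (@@ -177,15 +180,20 @@), "To exclude these filesystems" has no clear antecedent: the preceding sentence talks about filesystems that support seclabel, but the ones the caller needs to exclude are those that do not. Suggest spelling it out, e.g. "To exclude filesystems that do not support seclabel from any relabeling checks". Two smaller points in the same hunk: the plain "NULL terminated" differs from the `.B NULL` markup visible in the @@ -114,8 +117,8 @@ context, and the new "automatically excluded" sentence for /sys and in-memory filesystems sits directly before a paragraph saying no check is made, so a word on how the two cases differ would help readers.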