selinux_set_mapping man page on CentOS

selinux_set_mapping(3)	   SELinux API documentation	selinux_set_mapping(3)

NAME
       selinux_set_mapping  -  establish  dynamic  object class and permission
       mapping.

SYNOPSIS
       #include <selinux/selinux.h>

       struct security_class_mapping {
	    const char *name;
	    const char *perms[];
       };

       int selinux_set_mapping(struct security_class_mapping *map);

DESCRIPTION
       selinux_set_mapping establishes a mapping from a user-provided ordering
       of  object  classes and permissions to the numbers actually used by the
       loaded system policy.  Use of this function is  highly  preferred  over
       the  generated constants in the libselinux header files, as this method
       allows the policy's class and permission values to change over time.

       After the mapping is established, all libselinux functions that operate
       on  class  and  permission values take the user-provided numbers, which
       are determined as follows:

       The map argument consists of an array of security_class_mapping
       structures, which must be terminated by a structure having a NULL name
       field.  Except for this last structure, the name field should refer to
       the string name of an object class, and the corresponding perms field
       should refer to an array of permission bit names terminated by a NULL
       string.

       The object classes named in the mapping and the bit indexes of each set
       of permission bits named in the mapping are numbered in order starting
       from 1.  These numbers are the values that should be passed to
       subsequent libselinux calls.

RETURN VALUE
       Zero is returned on success.  On error, -1 is returned and errno is set
       appropriately.

ERRORS
       EINVAL One of the class or permission names requested in the mapping is
	      not present in the loaded policy.

       ENOMEM An attempt to allocate memory failed.

EXAMPLE
	      struct security_class_mapping map[] = {
		  { "file", { "create", "unlink", "read", "write", NULL } },
		  { "socket", { "bind", NULL } },
		  { "process", { "signal", NULL } },
		  { NULL }
	      };

	      if (selinux_set_mapping(map) < 0)
		  exit(1);

       In this example, after the call has succeeded, classes file, socket,
       and process will be identified by 1, 2 and 3, respectively.
       Permissions create, unlink, read, and write (for the file class) will
       be identified by 1, 2, 4, and 8 respectively.  Classes and permissions
       not listed in the mapping cannot be used.
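
       The numbering rule above, as an added example that is not part of the
       original man page or of libselinux: it derives class values and
       permission bits from the map itself, so callers need not hard-code
       1, 2, 4, 8.  The names class_map, MAX_PERMS, map_class, map_perm and
       map_av are hypothetical, and the fixed-size perms array is an
       assumption made so the table can be initialized statically.

```c
#include <stdio.h>
#include <string.h>
#define MAX_PERMS 32 /* assumption: access vectors are 32 bits wide */
/* Local stand-in for struct security_class_mapping (hypothetical name). */
struct class_map { const char *name; const char *perms[MAX_PERMS + 1]; };
/* Constructed sample: same contents as the map in the EXAMPLE section. */
static const struct class_map example_map[] = {
    { "file", { "create", "unlink", "read", "write", NULL } },
    { "socket", { "bind", NULL } },
    { "process", { "signal", NULL } },
    { NULL, { NULL } }
};

/* Class value: 1-based position in the map, 0 if the class is not listed. */
unsigned int map_class(const struct class_map *map, const char *cls)
{
    for (unsigned int i = 0; map[i].name != NULL; i++)
        if (strcmp(map[i].name, cls) == 0)
            return i + 1;
    return 0;
}

/* Permission value: 1 << position within its class, 0 if not listed. */
unsigned int map_perm(const struct class_map *map, const char *cls, const char *perm)
{
    unsigned int c = map_class(map, cls);
    for (unsigned int b = 0; c != 0 && b < MAX_PERMS && map[c - 1].perms[b]; b++)
        if (strcmp(map[c - 1].perms[b], perm) == 0)
            return 1u << b;
    return 0;
}

/* OR a NULL-terminated list into one access vector; 0 if any name is unlisted. */
unsigned int map_av(const struct class_map *map, const char *cls, const char *const *perms)
{
    unsigned int av = 0;
    for (; *perms != NULL; perms++) {
        unsigned int bit = map_perm(map, cls, *perms);
        if (bit == 0) return 0; /* unlisted names cannot be used: fail closed */
        av |= bit;
    }
    return av;
}
int main(void)
{
    const char *const want[] = { "read", "write", NULL };
    printf("file=%u read|write=%#x\n", map_class(example_map, "file"), map_av(example_map, "file", want));
    return 0;
}
```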

AUTHOR
       Eamon Walsh <ewalsh@tycho.nsa.gov>

SEE ALSO
       avc_open(8), selinux(8)

				  12 Jun 2008		selinux_set_mapping(3)