PERFORCE change 113508 for review

Todd Miller millert at FreeBSD.org
Thu Jan 25 15:11:55 UTC 2007


http://perforce.freebsd.org/chv.cgi?CH=113508

Change 113508 by millert at millert_macbook on 2007/01/25 15:11:29

	Update to libselinux-1.34.0 from the NSA web site.

Affected files ...

.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#5 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_add_callback.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_cache_stats.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_context_to_sid.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_has_perm.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_init.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/context_new.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/freecon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/get_ordered_context_list.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getcon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getexeccon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfilecon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfscreatecon.3#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getseuserbyname.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_context_customizable.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_selinux_enabled.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchmediacon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchpathcon.3#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_check_context.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_compute_av.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_getenforce.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_booleans.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_policy.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_policyvers.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_binary_policy_path.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_check_securetty_context.3#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_getenforcemode.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_policy_root.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_securetty_types_path.3#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/setfilecon.3#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/avcstat.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getenforce.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getsebool.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/matchpathcon.8#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/selinuxenabled.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/setenforce.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/togglesebool.8#2 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#7 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_perm_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/class_to_string.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/file_path_suffixes.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/sedarwin_config.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_check_securetty_context.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_config.c#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux_internal.h#4 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/getdefaultcon.c#1 add
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/matchpathcon.c#3 edit
.. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/utils/selinux_check_securetty_context.c#1 add

Differences ...

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/ChangeLog#5 (text+ko) ====

@@ -1,3 +1,30 @@
+1.34.0 2007-01-18
+	* Updated version for stable branch.	
+
+1.33.6 2007-01-17
+	* Merged man page updates to make "apropos selinux" work from Dan Walsh.
+
+1.33.5 2007-01-16
+	* Merged getdefaultcon utility from Dan Walsh.
+
+1.33.4 2007-01-11
+	* Merged selinux_check_securetty_context() and support from Dan Walsh.
+
+1.33.3 2007-01-04
+	* Merged patch for matchpathcon utility to use file mode information
+	  when available from Dan Walsh.
+
+1.33.2 2006-11-27
+	* Merged patch to compile with -fPIC instead of -fpic from
+	  Manoj Srivastava to prevent hitting the global offset table
+	  limit. Patch changed to include libsepol and libsemanage in
+	  addition to libselinux.
+
+1.33.1 2006-10-19
+	* Merged updated flask definitions from Darrel Goeddel.
+ 	  This adds the context security class, and also adds
+	  the string definitions for setsockcreate and polmatch.
+
 1.32 2006-10-17
 	* Updated version for release.
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/VERSION#5 (text+ko) ====

@@ -1,1 +1,1 @@
-1.32
+1.34.0

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/av_permissions.h#5 (text+ko) ====

@@ -438,7 +438,7 @@
 #define PROCESS__EXECSTACK                        0x04000000UL
 #define PROCESS__EXECHEAP                         0x08000000UL
 #define PROCESS__SETKEYCREATE                     0x10000000UL
-#define PROCESS__TASKFORPID                       0x20000000UL
+#define PROCESS__SETSOCKCREATE                    0x20000000UL
 #define IPC__CREATE                               0x00000001UL
 #define IPC__DESTROY                              0x00000002UL
 #define IPC__GETATTR                              0x00000004UL
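Review bot: `PROCESS__SETSOCKCREATE` takes over bit `0x20000000UL`, which until this change was the port-local `PROCESS__TASKFORPID`, so the same access-vector bit now carries a different name in userspace. If the sedarwin kernel policy still defines taskforpid or the Mach classes at the old values, audit output and any userspace object manager built against this header would decode or request the wrong permission. That cannot be confirmed from this hunk and should be checked against the kernel-side flask headers. The same concern applies to the `MACH_PORT__*`/`MACH_TASK__*` removals in the `@@ -895` hunk and to `SECCLASS_CONTEXT` reusing value 59 from `SECCLASS_MACH_PORT` in flask.h. If the local definitions are meant to survive, re-apply them on top of the upstream ones instead of letting the import drop them.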
@@ -895,18 +895,5 @@
 #define KEY__LINK                                 0x00000010UL
 #define KEY__SETATTR                              0x00000020UL
 #define KEY__CREATE                               0x00000040UL
-#define MACH_PORT__RELABELFROM                    0x00000001UL
-#define MACH_PORT__RELABELTO                      0x00000002UL
-#define MACH_PORT__SEND                           0x00000004UL
-#define MACH_PORT__RECV                           0x00000008UL
-#define MACH_PORT__MAKE_SEND                      0x00000010UL
-#define MACH_PORT__MAKE_SEND_ONCE                 0x00000020UL
-#define MACH_PORT__COPY_SEND                      0x00000040UL
-#define MACH_PORT__MOVE_SEND                      0x00000080UL
-#define MACH_PORT__MOVE_SEND_ONCE                 0x00000100UL
-#define MACH_PORT__MOVE_RECV                      0x00000200UL
-#define MACH_PORT__HOLD_SEND                      0x00000400UL
-#define MACH_PORT__HOLD_SEND_ONCE                 0x00000800UL
-#define MACH_PORT__HOLD_RECV                      0x00001000UL
-#define MACH_TASK__TERMINATE                      0x00000001UL
-#define MACH_TASK__SET_SPECIAL_PORT               0x00000002UL
+#define CONTEXT__TRANSLATE                        0x00000001UL
+#define CONTEXT__CONTAINS                         0x00000002UL

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/flask.h#4 (text+ko) ====

@@ -63,8 +63,7 @@
 #define SECCLASS_APPLETALK_SOCKET                        56
 #define SECCLASS_PACKET                                  57
 #define SECCLASS_KEY                                     58
-#define SECCLASS_MACH_PORT                               59
-#define SECCLASS_MACH_TASK                               60
+#define SECCLASS_CONTEXT                                 59
 
 /*
  * Security identifier indices for initial entities
@@ -96,8 +95,7 @@
 #define SECINITSID_POLICY                               25
 #define SECINITSID_SCMP_PACKET                          26
 #define SECINITSID_DEVNULL                              27
-#define SECINITSID_DEVFS                                28
 
-#define SECINITSID_NUM                                  28
+#define SECINITSID_NUM                                  27
 
 #endif
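Review bot: `SECINITSID_NUM` drops from 28 to 27 because `SECINITSID_DEVFS` is removed, which looks like a side effect of importing the upstream header, not a deliberate change to the port. The initial-SID table has to agree with what the kernel policy defines, so if the sedarwin kernel still carries a devfs initial SID the two sides now disagree on the count and on index 28; the kernel side is not shown here. Any remaining user of `SECINITSID_DEVFS` in the tree would also stop compiling. Confirm against the kernel flask definitions, or keep the local `#define SECINITSID_DEVFS 28` and the old count.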

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/include/selinux/selinux.h#4 (text+ko) ====

@@ -40,16 +40,14 @@
 	extern int setcon_raw(security_context_t con);
 
 /* Get context of process identified by pid, and 
-   set *con to refer to it.  Caller must free via freecon. 
-   This has not been ported to SEBSD yet. */
-//	extern int getpidcon(pid_t pid, security_context_t * con);
-//	extern int getpidcon_raw(pid_t pid, security_context_t * con);
+   set *con to refer to it.  Caller must free via freecon. */
+	extern int getpidcon(pid_t pid, security_context_t * con);
+	extern int getpidcon_raw(pid_t pid, security_context_t * con);
 
 /* Get previous context (prior to last exec), and set *con to refer to it.
-   Caller must free via freecon.
-   This has not been ported to SEBSD yet.*/
-//	extern int getprevcon(security_context_t * con);
-//	extern int getprevcon_raw(security_context_t * con);
+   Caller must free via freecon. */
+	extern int getprevcon(security_context_t * con);
+	extern int getprevcon_raw(security_context_t * con);
 
 /* Get exec context, and set *con to refer to it.
    Sets *con to NULL if no exec context has been set, i.e. using default.
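Review bot: The prototypes for `getpidcon`, `getpidcon_raw`, `getprevcon` and `getprevcon_raw` are re-enabled here and the "This has not been ported to SEBSD yet" caveat is deleted, but nothing in the visible part of this change shows their implementations being added to the Darwin build. If they are still missing, callers now compile cleanly and fail only at link time, or pick up a stub whose result is not a real label. The same pattern appears in the `@@ -150`, `@@ -173` and `@@ -253` hunks for `security_compute_create`, `security_compute_member`, `security_check_context` and `security_canonicalize_context_raw`. Either confirm that each symbol is built by src/Makefile on this platform, or keep the prototypes disabled with the caveat, as the `@@ -78` hunk does for `getkeycreatecon`.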
@@ -78,9 +76,10 @@
 
 /* Get keycreate context, and set *con to refer to it.
    Sets *con to NULL if no key create context has been set, i.e. using default.
-   If non-NULL, caller must free via freecon. */
-	extern int getkeycreatecon(security_context_t * con);
-	extern int getkeycreatecon_raw(security_context_t * con);
+   If non-NULL, caller must free via freecon. 
+   This has not been ported to SEBSD yet. */
+//	extern int getkeycreatecon(security_context_t * con);
+//	extern int getkeycreatecon_raw(security_context_t * con);
 
 /* Set the keycreate security context for subsequent key creations.
    Call with NULL if you want to reset to the default. */
@@ -150,16 +149,15 @@
 					   struct av_decision *avd);
 
 /* Compute a labeling decision and set *newcon to refer to it.
-   Caller must free via freecon.
-   This has not been ported to SEBSD yet. */
-//	extern int security_compute_create(security_context_t scon,
-//					   security_context_t tcon,
-//					   security_class_t tclass,
-//					   security_context_t * newcon);
-//	extern int security_compute_create_raw(security_context_t scon,
-//					       security_context_t tcon,
-//					       security_class_t tclass,
-//					       security_context_t * newcon);
+   Caller must free via freecon. */
+	extern int security_compute_create(security_context_t scon,
+					   security_context_t tcon,
+					   security_class_t tclass,
+					   security_context_t * newcon);
+	extern int security_compute_create_raw(security_context_t scon,
+					       security_context_t tcon,
+					       security_class_t tclass,
+					       security_context_t * newcon);
 
 /* Compute a relabeling decision and set *newcon to refer to it.
    Caller must free via freecon. */
@@ -173,16 +171,15 @@
 						security_context_t * newcon);
 
 /* Compute a polyinstantiation member decision and set *newcon to refer to it.
-   Caller must free via freecon.
-   This has not been ported to SEBSD yet. */
-//	extern int security_compute_member(security_context_t scon,
-//					   security_context_t tcon,
-//					   security_class_t tclass,
-//					   security_context_t * newcon);
-//	extern int security_compute_member_raw(security_context_t scon,
-//					       security_context_t tcon,
-//					       security_class_t tclass,
-//					       security_context_t * newcon);
+   Caller must free via freecon. */
+	extern int security_compute_member(security_context_t scon,
+					   security_context_t tcon,
+					   security_class_t tclass,
+					   security_context_t * newcon);
+	extern int security_compute_member_raw(security_context_t scon,
+					       security_context_t tcon,
+					       security_class_t tclass,
+					       security_context_t * newcon);
 
 /* Compute the set of reachable user contexts and set *con to refer to 
    the NULL-terminated array of contexts.  Caller must free via freeconary. */
@@ -253,19 +250,16 @@
    the active policy boolean configuration file. */
 	extern int security_load_booleans(char *path);
 
-/* Check the validity of a security context.
- * This has not been ported to SEBSD yet. */
-//	extern int security_check_context(security_context_t con);
-//	extern int security_check_context_raw(security_context_t con);
+/* Check the validity of a security context. */
+	extern int security_check_context(security_context_t con);
+	extern int security_check_context_raw(security_context_t con);
 
-/* Canonicalize a security context. 
- * These are not fully implemented in SEBSD yet.  At the moment 
- * input = output. */
+/* Canonicalize a security context. */
 	extern int security_canonicalize_context(security_context_t con,
 						 security_context_t * canoncon);
-//	extern int security_canonicalize_context_raw(security_context_t con,
-//						     security_context_t *
-//						     canoncon);
+	extern int security_canonicalize_context_raw(security_context_t con,
+						     security_context_t *
+						     canoncon);
 
 /* Get the enforce flag value. */
 	extern int security_getenforce(void);
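Review bot: The comment on `security_canonicalize_context` loses the warning "These are not fully implemented in SEBSD yet. At the moment input = output." with no visible change to the implementation. Later in this header the matchpathcon callbacks are documented as defaulting to `security_check_context()` and `security_canonicalize_context()`. If either is still a pass-through on this port, file-context entries are accepted without validation and callers cannot tell that from the header. Keep the caveat until the kernel interface exists, for example `/* Canonicalize a security context. NOTE: on SEBSD/SEDarwin this may still return the input unchanged. */`.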
@@ -316,7 +310,7 @@
    validity of a context in the file contexts configuration.  If not set,
    then this defaults to a test based on security_check_context().  
    The function is also responsible for reporting any such error, and
-   may include the 'path' and 'lineno' in such error messages.  */
+   may include the 'path' and 'lineno' in such error messages. */
 	extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
 							  unsigned lineno,
 							  char *context));
@@ -324,7 +318,7 @@
 /* Same as above, but also allows canonicalization of the context,
    by changing *context to refer to the canonical form.  If not set,
    and invalidcon is also not set, then this defaults to calling
-   security_canonicalize_context().  */
+   security_canonicalize_context(). */
 	extern void set_matchpathcon_canoncon(int (*f) (const char *path,
 							unsigned lineno,
 							char **context));
@@ -346,7 +340,7 @@
 	extern int matchpathcon_init(const char *path);
 
 /* Same as matchpathcon_init, but only load entries with
-   regexes that have stems that are prefixes of 'prefix'.  */
+   regexes that have stems that are prefixes of 'prefix'. */
 	extern int matchpathcon_init_prefix(const char *path,
 					    const char *prefix);
 
@@ -425,6 +419,7 @@
 	extern const char *selinux_homedir_context_path(void);
 	extern const char *selinux_media_context_path(void);
 	extern const char *selinux_contexts_path(void);
+	extern const char *selinux_securetty_types_path(void);
 	extern const char *selinux_booleans_path(void);
 	extern const char *selinux_customizable_types_path(void);
 	extern const char *selinux_users_path(void);
@@ -439,6 +434,11 @@
 //	extern int selinux_check_passwd_access(access_vector_t requested);
 //	extern int checkPasswdAccess(access_vector_t requested);
 
+/* Check if the tty_context is defined as a securetty
+   Return 0 if secure, < 0 otherwise. */
+	extern int selinux_check_securetty_context(security_context_t
+						   tty_context);
+
 /* Set the path to the selinuxfs mount point explicitly.
    Normally, this is determined automatically during libselinux 
    initialization, but this is not always possible, e.g. for /sbin/init
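Review bot: The comment for `selinux_check_securetty_context` says only "Return 0 if secure, < 0 otherwise", which leaves open whether a failure to read the securetty types file is reported the same way as a tty that is not listed. Callers should be told to fail closed, treating any non-zero result as not secure. The implementation is added in another file of this change and is not visible here, so the wording needs confirming against it. Suggested comment: `/* Check whether tty_context is listed as a securetty type. Returns 0 if it is; < 0 if it is not or the check could not be performed. */`.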

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_add_callback.3#2 (text+ko) ====

@@ -3,7 +3,7 @@
 .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
 .TH "avc_add_callback" "3" "9 June 2004" "" "SE Linux API documentation"
 .SH "NAME"
-avc_add_callback \- additional event notification for userspace object managers.
+avc_add_callback \- additional event notification for SELinux userspace object managers.
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .br
@@ -181,3 +181,4 @@
 .BR avc_context_to_sid (3),
 .BR avc_cache_stats (3),
 .BR security_compute_av (3)
+.BR selinux (8)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_cache_stats.3#2 (text+ko) ====

@@ -3,7 +3,7 @@
 .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
 .TH "avc_cache_stats" "3" "27 May 2004" "" "SE Linux API documentation"
 .SH "NAME"
-avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace AVC statistics.
+avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .br
@@ -96,3 +96,4 @@
 .BR avc_has_perm (3),
 .BR avc_context_to_sid (3),
 .BR avc_add_callback (3)
+.BR selinux (8)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_context_to_sid.3#2 (text+ko) ====

@@ -3,7 +3,7 @@
 .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
 .TH "avc_context_to_sid" "3" "27 May 2004" "" "SE Linux API documentation"
 .SH "NAME"
-avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate security ID's.
+avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate SELinux security ID's.
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .br
@@ -88,3 +88,4 @@
 .BR avc_add_callback (3),
 .BR getcon (3),
 .BR freecon (3)
+.BR selinux (8)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_has_perm.3#2 (text+ko) ====

@@ -152,3 +152,4 @@
 .BR avc_cache_stats (3),
 .BR avc_add_callback (3),
 .BR security_compute_av (3)
+.BR selinux(8)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/avc_init.3#2 (text+ko) ====

@@ -3,7 +3,7 @@
 .\" Author: Eamon Walsh (ewalsh at epoch.ncsc.mil) 2004
 .TH "avc_init" "3" "27 May 2004" "" "SE Linux API documentation"
 .SH "NAME"
-avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace AVC setup and teardown.
+avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .br
@@ -209,3 +209,5 @@
 .BR avc_cache_stats (3),
 .BR avc_add_callback (3),
 .BR security_compute_av (3)
+.BR selinux (8)
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/context_new.3#2 (text+ko) ====

@@ -56,3 +56,6 @@
 On success, zero is returned. On failure, -1 is returned and errno is
 set appropriately.
 
+.SH "SEE ALSO"
+.BR selinux "(8)"
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/freecon.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "freecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-freecon, freeconary \- free memory associated with SE Linux security contexts.
+freecon, freeconary \- free memory associated with SELinux security contexts.
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
@@ -14,3 +14,7 @@
 
 .B freeconary
 frees the memory allocated for a context array.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/get_ordered_context_list.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "get_ordered_context_list" "3" "1 January 2004" "russell at coker.com.au" "SE Linux"
 .SH "NAME"
-get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine context(s) for user sessions
+get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine SELinux context(s) for user sessions
 
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
@@ -77,4 +77,4 @@
 The other functions return 0 for success or -1 for errors.
 
 .SH "SEE ALSO"
-.BR freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"
+.BR selinux "(8), " freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getcon.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "getcon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-getcon, getprevcon, getpidcon \- get SE Linux security context of a process.
+getcon, getprevcon, getpidcon \- get SELinux security context of a process.
 .br
 getpeercon - get security context of a peer socket.
 .br
@@ -59,4 +59,4 @@
 On error -1 is returned.  On success 0 is returned.
 
 .SH "SEE ALSO"
-.BR freecon "(3), " setexeccon "(3)"
+.BR selinux "(8), " freecon "(3), " setexeccon "(3)"

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getexeccon.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "getexeccon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-getexeccon, setexeccon \- get or set the SE Linux security context used for executing a new process.
+getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process.
 .br
 rpm_execcon \- run a helper for rpm in an appropriate security context
 
@@ -55,6 +55,6 @@
 rpm_execcon only returns upon errors, as it calls execve(2).
 
 .SH "SEE ALSO"
-.BR freecon "(3), " getcon "(3)"
+.BR selinux "(8), " freecon "(3), " getcon "(3)"
 
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfilecon.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "getfilecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-getfilecon, fgetfilecon, lgetfilecon \- get SE Linux security context of a file
+getfilecon, fgetfilecon, lgetfilecon \- get SELinux security context of a file
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
@@ -40,4 +40,4 @@
 here.
 
 .SH "SEE ALSO"
-.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
+.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getfscreatecon.3#3 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "getfscreatecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-getfscreatecon, setfscreatecon \- get or set the SE Linux security context used for creating a new file system object.
+getfscreatecon, setfscreatecon \- get or set the SELinux security context used for creating a new file system object.
 
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
@@ -35,4 +35,4 @@
 On success 0 is returned.
 
 .SH "SEE ALSO"
-.BR freecon "(3), " getcon "(3), " getexeccon "(3)"
+.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/getseuserbyname.3#2 (text+ko) ====

@@ -23,3 +23,6 @@
 The errors documented for the stat(2) system call are also applicable
 here.
 
+.SH "SEE ALSO"
+.BR selinux "(8)"
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_context_customizable.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "is_context_customizable" "3" "10 January 2005" "dwalsh at redhat.com" "SELinux API documentation"
 .SH "NAME"
-is_context_customizable \- check whether context type is customizable by the administrator.
+is_context_customizable \- check whether SELinux context type is customizable by the administrator.
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
@@ -20,3 +20,6 @@
 .SH "FILE"
 /etc/selinux/SELINUXTYPE/context/customizable_types
 
+.SH "SEE ALSO"
+.BR selinux "(8)"
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/is_selinux_enabled.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "is_selinux_enabled" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-is_selinux_enabled \- check whether SE Linux is enabled
+is_selinux_enabled \- check whether SELinux is enabled
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
@@ -9,3 +9,7 @@
 .SH "DESCRIPTION"
 .B is_selinux_enabled
 returns 1 if SE Linux is running or 0 if it is not.  May change soon.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchmediacon.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "matchmediacon" "3" "15 November 2004" "dwalsh at redhat.com" "SE Linux API documentation"
 .SH "NAME"
-matchmediacon \- get the default security context for the specified mediatype from the policy.
+matchmediacon \- get the default SELinux security context for the specified mediatype from the policy.
 
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
@@ -23,4 +23,4 @@
 /etc/selinux/POLICYTYPE/contexts/files/media
 
 .SH "SEE ALSO"
-.BR freecon "(3)
+.BR selinux "(8), " freecon "(3)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/matchpathcon.3#3 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "matchpathcon" "3" "16 March 2005" "sds at tycho.nsa.gov" "SE Linux API documentation"
 .SH "NAME"
-matchpathcon \- get the default security context for the specified path from the file contexts configuration.
+matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
 
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
@@ -117,4 +117,4 @@
 Returns 0 on success or -1 otherwise.
 
 .SH "SEE ALSO"
-.BR freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
+.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_check_context.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "security_check_context" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-security_check_context \- check the validity of a context
+security_check_context \- check the validity of a SELinux context
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
@@ -10,3 +10,7 @@
 .B security_check_context
 returns 0 if SE Linux is running and the context is valid, otherwise it
 returns -1.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_compute_av.3#2 (text+ko) ====

@@ -1,7 +1,7 @@
 .TH "security_compute_av" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
 security_compute_av, security_compute_create, security_compute_relabel, security_compute_user \- query
-the SE Linux policy database in the kernel.
+the SELinux policy database in the kernel.
 
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
@@ -51,4 +51,4 @@
 0 for success and on error -1 is returned.
 
 .SH "SEE ALSO"
-.BR getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
+.BR selinux "(8), " getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_getenforce.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "security_getenforce" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-security_getenforce, security_setenforce \- get or set the enforcing state of SE Linux
+security_getenforce, security_setenforce \- get or set the enforcing state of SELinux
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
@@ -17,3 +17,7 @@
 sets SE Linux to enforcing mode if the value 1 is passed in, and sets it to
 permissive mode if 0 is passed in.  On success 0 is returned, on error -1 is
 returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_booleans.3#2 (text+ko) ====

@@ -56,4 +56,4 @@
 This manual page was written by Dan Walsh <dwalsh at redhat.com>.
 
 .SH "SEE ALSO"
-getsebool(8), booleans(8), togglesebool(8)
+selinux(8), getsebool(8), booleans(8), togglesebool(8)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_load_policy.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "security_load_policy" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-security_load_policy \- load a new policy
+security_load_policy \- load a new SELinux policy
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
@@ -9,3 +9,7 @@
 .SH "DESCRIPTION"
 .B security_load_policy
 loads a new policy, returns 0 for success and -1 for error.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/security_policyvers.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "security_policyvers" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-security_policyvers \- get the version of the SE Linux policy
+security_policyvers \- get the version of the SELinux policy
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
@@ -10,3 +10,7 @@
 .B security_policyvers
 returns the version of the policy (a positive integer) on success, or -1 on
 error.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_binary_policy_path.3#2 (text+ko) ====

@@ -4,7 +4,7 @@
 selinux_failsafe_context_path, selinux_removable_context_path,
 selinux_default_context_path, selinux_user_contexts_path,
 selinux_file_context_path, selinux_media_context_path,
-selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active policy configuration
+selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active SELinux policy configuration
 directories and files.
 
 .SH "SYNOPSIS"
@@ -27,6 +27,8 @@
 .br
 extern const char *selinux_media_context_path(void);
 .br
+extern const char *selinux_securetty_types_path(void);
+.br
 extern const char *selinux_contexts_path(void);
 .br
 extern const char *selinux_booleans_path(void);
@@ -56,8 +58,13 @@
 .sp
 selinux_contexts_path() - directory containing all of the context configuration files
 .sp
+selinux_securetty_types_path() - defines tty types for newrole securettys
+.sp
 selinux_booleans_path() - initial policy boolean settings
 
 .SH AUTHOR	
 This manual page was written by Dan Walsh <dwalsh at redhat.com>.
 
+.SH "SEE ALSO"
+.BR selinux "(8)"
+

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_getenforcemode.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh at redhat.com" "SE Linux API documentation"
 .SH "NAME"
-selinux_getenforcemode \- get the enforcing state of SE Linux
+selinux_getenforcemode \- get the enforcing state of SELinux
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
 .sp
@@ -19,4 +19,7 @@
 On success, zero is returned.
 On failure, -1 is returned.
 
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/selinux_policy_root.3#2 (text+ko) ====

@@ -14,4 +14,7 @@
 On success, returns a directory path containing the SELinux policy files.
 On failure, NULL is returned.
 
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man3/setfilecon.3#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "setfilecon" "3" "1 January 2004" "russell at coker.com.au" "SE Linux API documentation"
 .SH "NAME"
-setfilecon, fsetfilecon, lsetfilecon \- set SE Linux security context of a file
+setfilecon, fsetfilecon, lsetfilecon \- set SELinux security context of a file
 
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
@@ -38,4 +38,4 @@
 here.
 
 .SH "SEE ALSO"
-.BR freecon "(3), " getfilecon "(3), " setfscreatecon "(3)"
+.BR selinux "(3), " freecon "(3), " getfilecon "(3), " setfscreatecon "(3)"

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/avcstat.8#2 (text+ko) ====

@@ -22,6 +22,9 @@
 .B \-f
 Specifies the location of the AVC statistics file, defaulting to '/selinux/avc/cache_stats'.
 
+.SH "SEE ALSO"
+selinux(8)
+
 .SH AUTHOR	
 This manual page was written by Dan Walsh <dwalsh at redhat.com>.
 The program was written by James Morris <jmorris at redhat.com>.

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getenforce.8#2 (text+ko) ====

@@ -12,4 +12,4 @@
 Dan Walsh, <dwalsh at redhat.com>
 
 .SH "SEE ALSO"
-setenforce(8), selinuxenabled(8)
+selinux(8), setenforce(8), selinuxenabled(8)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/getsebool.8#2 (text+ko) ====

@@ -26,9 +26,10 @@
 .B \-a
 Show all SELinux booleans.
 
+.SH "SEE ALSO"
+selinux(8), setsebool(8), booleans(8)
+
 .SH AUTHOR	
 This manual page was written by Dan Walsh <dwalsh at redhat.com>.
 The program was written by Tresys Technology.
 
-.SH "SEE ALSO"
-setsebool(8), booleans(8)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/matchpathcon.8#3 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "matchpathcon" "8" "21 April 2005" "dwalsh at redhat.com" "SE Linux Command Line documentation"
 .SH "NAME"
-matchpathcon \- get the default security context for the specified path from the file contexts configuration.
+matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
 
 .SH "SYNOPSIS"
 .B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath...
@@ -27,4 +27,5 @@
 This manual page was written by Dan Walsh <dwalsh at redhat.com>.
 
 .SH "SEE ALSO"
+.BR selinux "(8), "
 .BR mathpathcon "(3), " 

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/selinuxenabled.8#2 (text+ko) ====

@@ -13,4 +13,4 @@
 Dan Walsh, <dwalsh at redhat.com>
 
 .SH "SEE ALSO"
-setenforce(8), getenforce(8)
+selinux(8), setenforce(8), getenforce(8)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/setenforce.8#2 (text+ko) ====

@@ -17,7 +17,7 @@
 Dan Walsh, <dwalsh at redhat.com>
 
 .SH "SEE ALSO"
-getenforce(8), selinuxenabled(8)
+selinux(8), getenforce(8), selinuxenabled(8)
 
 .SH FILES
 /etc/grub.conf, /etc/selinux/config

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/man/man8/togglesebool.8#2 (text+ko) ====

@@ -1,6 +1,6 @@
 .TH "togglesebool" "1" "26 Oct 2004" "sgrubb at redhat.com" "SELinux Command Line documentation"
 .SH "NAME"
-togglesebool \- flip the current value of a boolean
+togglesebool \- flip the current value of a SELinux boolean
 .SH "SYNOPSIS"
 .B togglesebool boolean...
 
@@ -14,4 +14,4 @@
 This man page was written by Steve Grubb <sgrubb at redhat.com>
 
 .SH "SEE ALSO"
-booleans(8), getsebool(8), setsebool(8)
+selinux(8), booleans(8), getsebool(8), setsebool(8)

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#7 (text+ko) ====

@@ -13,7 +13,8 @@
 	getfilecon.o getpeercon.o getpidcon.o getprevcon.o init.o \
 	is_customizable_type.o lgetfilecon.o load_migscs.o load_policy.o \
 	lsetfilecon.o matchmediacon.o matchpathcon.o policyvers.o \
-	query_user_context.o sedarwin_config.o setcon.o setenforce.o \
+	query_user_context.o sedarwin_config.o \
+	selinux_check_securetty_context.o setcon.o setenforce.o \
 	setfilecon.o setrans_client.o seusers.o
 
 # The following require kernel support for fs and exec contexts

==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/av_perm_to_string.h#4 (text+ko) ====

@@ -1,269 +1,269 @@
 /* This file is automatically generated.  Do not edit. */
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod")
-   S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget")
-   S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name")
-   S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name")
-   S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
-   S_(SECCLASS_DIR, DIR__SEARCH, "search")
-   S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
-   S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
-   S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
-   S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
-   S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
-   S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
-   S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
-   S_(SECCLASS_FD, FD__USE, "use")
-   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
-   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
-   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom")
-   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind")
-   S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect")
-   S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind")
-   S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind")
-   S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv")
-   S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send")
-   S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv")
-   S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send")
-   S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
-   S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
-   S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
-   S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
-   S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
-   S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
-   S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
-   S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
-   S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
-   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
-   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
-   S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
-   S_(SECCLASS_PROCESS, PROCESS__FORK, "fork")
-   S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition")
-   S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld")
-   S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill")
-   S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop")
-   S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull")
-   S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal")
-   S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace")
-   S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched")
-   S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched")
-   S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession")
-   S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid")
-   S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid")
-   S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap")
-   S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap")
-   S_(SECCLASS_PROCESS, PROCESS__SHARE, "share")
-   S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr")
-   S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec")
-   S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate")
-   S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure")
-   S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
-   S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
-   S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
-   S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
-   S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
-   S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
-   S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
-   S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
-   S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
-   S_(SECCLASS_PROCESS, PROCESS__TASKFORPID, "taskforpid")
-   S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
-   S_(SECCLASS_MSG, MSG__SEND, "send")
-   S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
-   S_(SECCLASS_SHM, SHM__LOCK, "lock")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
-   S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
-   S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
-   S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
-   S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
-   S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
-   S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
-   S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot")
-   S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info")
-   S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
-   S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
-   S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin")
-   S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw")

>>> TRUNCATED FOR MAIL (1000 lines) <<<

