logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

selinux_set_callback - userspace SELinux callback facilities

Contents

Author

       Eamon Walsh <ewalsh@tycho.nsa.gov>

Description

selinux_set_callback()  sets  the  callback  indicated  by type to the value of callback, which should be
       passed as a function pointer cast to type unionselinux_callback.

       All callback functions should return a negative value with errno set appropriately on error.

       The available values for type are:

       SELINUX_CB_LOGint(*func_log)(inttype,constchar*fmt,...);

              This callback is used for logging and should process the printf(3) style fmt string and  arguments
              as  appropriate.   The  type  argument indicates the type of message and will be set to one of the
              following:

              SELINUX_ERRORSELINUX_WARNINGSELINUX_INFOSELINUX_AVCSELINUX_POLICYLOADSELINUX_SETENFORCE

              SELINUX_ERROR, SELINUX_WARNING, and SELINUX_INFO indicate standard log severity levels and are not
              auditable messages.

              The SELINUX_AVC, SELINUX_POLICYLOAD, and SELINUX_SETENFORCE message  types  can  be  audited  with
              AUDIT_USER_AVC,   AUDIT_USER_MAC_POLICY_LOAD,  and  AUDIT_USER_MAC_STATUS  values  from  libaudit,
              respectively.   If  they  are  not  audited,  SELINUX_AVC  should  be  considered  equivalent   to
              SELINUX_ERROR;   similarly,   SELINUX_POLICYLOAD   and  SELINUX_SETENFORCE  should  be  considered
              equivalent to SELINUX_INFO.

       SELINUX_CB_AUDITint(*func_audit)(void*auditdata,security_class_tcls,char*msgbuf,size_tmsgbufsize);

              This callback is used for supplemental auditing in AVC messages.  The auditdata and cls  arguments
              are  the  values  passed to avc_has_perm(3).  A human-readable interpretation should be printed to
              msgbuf using no more than msgbufsize characters.

       SELINUX_CB_VALIDATEint(*func_validate)(char**ctx);

              This callback is used for context validation.   The  callback  may  optionally  modify  the  input
              context  by  setting  the target of the ctx pointer to a new context.  In this case, the old value
              should be freed with freecon(3).  The value of errno should  be  set  to  EINVAL  to  indicate  an
              invalid context.

       SELINUX_CB_SETENFORCEint(*func_setenforce)(intenforcing);

              This  callback  is  invoked  when  the  system  enforcing  state  changes.  The enforcing argument
              indicates the new value and is set to 1 for enforcing mode, and 0 for permissive mode.

       SELINUX_CB_POLICYLOADint(*func_policyload)(intseqno);

              This callback is invoked when the system security policy is reloaded.  The seqno argument  is  the
              current sequential number of the policy generation in the system.

Errors

       None.

Name

       selinux_set_callback - userspace SELinux callback facilities

Return Value

       None.

See Also

selabel_open(3), avc_init(3), avc_netlink_open(3), selinux(8)

                                                   20 Jun 2007                           selinux_set_callback(3)

Synopsis

#include<selinux/selinux.h>voidselinux_set_callback(inttype,unionselinux_callbackcallback);

See Also

Man Pages
SELinux Man Pages
Man Pages
Callback Man Pages
Value Research
Value Research PNG Icons
Type
Type PNG Icons
Man Pages
std::identity Man Pages
Man Pages
audit Man Pages
Man Pages
globus_net_manager_context Man Pages
Man Pages
setenforce Man Pages
Man Pages
Esys_PolicyLocality Man Pages
← View Library functions Category← Back to String manipulation🙏  Credits & Acknowledgments