libselinux: improve getcon(3) man page
Improve formatting of section DESCRIPTION by adding list points.
Mention errno is set on failure.
Mention the returned context might be NULL if SELinux is not enabled.
Align setcon/_raw parameter by adding const.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: Petr Lautrbach <plautrba@redhat.com>
cgzones authored and bachradsusi committed Jun 9, 2021
1 parent ed2e4db commit ea02e0a
Showing 1 changed file with 29 additions and 12 deletions.
41 changes: 29 additions & 12 deletions libselinux/man/man3/getcon.3
Expand Up @@ -7,7 +7,7 @@ freecon, freeconary \- free memory associated with SELinux security contexts
getpeercon \- get security context of a peer socket

setcon \- set current security context of a process
.

.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
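Review bot: The separator before .SH "SYNOPSIS" changes from a lone "." to an empty line, and the same substitution recurs in the later hunks. A lone "." is an empty request that roff ignores, while an empty source line is rendered as vertical space and is flagged by man page linters, so keeping "." preserves the rendered spacing. If the blank lines are wanted for source readability, mention that in the commit message, which currently lists only content changes.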
Expand All @@ -31,37 +31,47 @@ setcon \- set current security context of a process
.sp
.BI "void freeconary(char **" con );
.sp
.BI "int setcon(char *" context );
.BI "int setcon(const char *" context );
.sp
.BI "int setcon_raw(char *" context );
.
.BI "int setcon_raw(const char *" context );

.SH "DESCRIPTION"
.TP
.BR getcon ()
retrieves the context of the current process, which must be free'd with
freecon.
.BR freecon ().

.TP
.BR getprevcon ()
same as getcon but gets the context before the last exec.

.TP
.BR getpidcon ()
returns the process context for the specified PID.
returns the process context for the specified PID, which must be free'd with
.BR freecon ().

.TP
.BR getpeercon ()
retrieves context of peer socket, and set
.BI * context
to refer to it, which must be free'd with
retrieves the context of the peer socket, which must be free'd with
.BR freecon ().

.TP
.BR freecon ()
frees the memory allocated for a security context.

If
.I con
is NULL, no operation is performed.

.TP
.BR freeconary ()
frees the memory allocated for a context array.

If
.I con
is NULL, no operation is performed.

.TP
.BR setcon ()
sets the current security context of the process to a new value. Note
that use of this function requires that the entire application be
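Review bot: The getprevcon() entry in DESCRIPTION still reads "same as getcon but gets the context before the last exec." with no mention of freecon(), while this hunk adds "which must be free'd with .BR freecon ()" to getpidcon() and keeps it for getcon() and getpeercon(). A reader scanning the list can conclude that the getprevcon() result is not caller-owned; add the same freecon() clause there. The rewritten getpeercon() text also drops the reference to *context, so the output parameter is no longer named in that entry.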
Expand Down Expand Up @@ -110,6 +120,8 @@ context and the
.BR setcon ()
will fail if it is not allowed by policy.

.TP
.BR *_raw()
.BR getcon_raw (),
.BR getprevcon_raw (),
.BR getpidcon_raw (),
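Review bot: The new tag line ".BR *_raw()" omits the space that the other tags in this list use (".BR getcon ()", ".BR setcon ()"), so the parentheses are set in bold here and in roman everywhere else. Write it as ".BR *_raw ()" to match.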
Expand All @@ -118,9 +130,14 @@ and
.BR setcon_raw ()
behave identically to their non-raw counterparts but do not perform context
translation.
.

.SH "RETURN VALUE"
On error \-1 is returned. On success 0 is returned.
.
On error \-1 is returned with errno set. On success 0 is returned.

.SH "NOTES"
The retrieval functions might return success and set
.I *context
to NULL if and only if SELinux is not enabled.

.SH "SEE ALSO"
.BR selinux "(8), " setexeccon "(3)"
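Review bot: In the new NOTES section, "might return success and set *context to NULL if and only if SELinux is not enabled" combines "might" with "if and only if", which leaves it unclear whether a NULL context is guaranteed or only possible when SELinux is disabled. State one of the two, and spell out the consequence for callers: a return value of 0 does not imply a non-NULL context, so the pointer has to be checked before it is used. RETURN VALUE could also exclude the free functions, since freeconary() is declared void in SYNOPSIS and "On success 0 is returned" reads as covering every function on the page.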
