NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | ERRORS | AUTHOR | SEE ALSO | COLOPHON |
|
|
selinux_set_callback(3) SELinux API documentationselinux_set_callback(3)
selinux_set_callback - userspace SELinux callback facilities
#include <selinux/selinux.h> void selinux_set_callback(int type, union selinux_callback callback);
selinux_set_callback() sets the callback indicated by type to the value of callback, which should be passed as a function pointer cast to type union selinux_callback. All callback functions should return a negative value with errno set appropriately on error. The available values for type are: SELINUX_CB_LOG int (*func_log) (int type, const char *fmt, ...); This callback is used for logging and should process the printf(3) style fmt string and arguments as appropriate. The type argument indicates the type of message and will be set to one of the following: SELINUX_ERROR SELINUX_WARNING SELINUX_INFO SELINUX_AVC SELINUX_POLICYLOAD SELINUX_SETENFORCE SELINUX_ERROR, SELINUX_WARNING, and SELINUX_INFO indicate standard log severity levels and are not auditable messages. The SELINUX_AVC, SELINUX_POLICYLOAD, and SELINUX_SETENFORCE message types can be audited with AUDIT_USER_AVC, AUDIT_USER_MAC_POLICY_LOAD, and AUDIT_USER_MAC_STATUS values from libaudit, respectively. If they are not audited, SELINUX_AVC should be considered equivalent to SELINUX_ERROR; similarly, SELINUX_POLICYLOAD and SELINUX_SETENFORCE should be considered equivalent to SELINUX_INFO. SELINUX_CB_AUDIT int (*func_audit) (void *auditdata, security_class_t cls, char *msgbuf, size_t msgbufsize); This callback is used for supplemental auditing in AVC messages. The auditdata and cls arguments are the values passed to avc_has_perm(3). A human-readable interpretation should be printed to msgbuf using no more than msgbufsize characters. SELINUX_CB_VALIDATE int (*func_validate) (char **ctx); This callback is used for context validation. The callback may optionally modify the input context by setting the target of the ctx pointer to a new context. In this case, the old value should be freed with freecon(3). The value of errno should be set to EINVAL to indicate an invalid context. SELINUX_CB_SETENFORCE int (*func_setenforce) (int enforcing); This callback is invoked when the system enforcing state changes. The enforcing argument indicates the new value and is set to 1 for enforcing mode, and 0 for permissive mode. SELINUX_CB_POLICYLOAD int (*func_policyload) (int seqno); This callback is invoked when the system security policy is reloaded. The seqno argument is the current sequential number of the policy generation in the system.
None.
None.
Eamon Walsh <ewalsh@tycho.nsa.gov>
selabel_open(3), avc_init(3), avc_netlink_open(3), selinux(8)
This page is part of the selinux (Security-Enhanced Linux user-
space libraries and tools) project. Information about the
project can be found at
⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you have a
bug report for this manual page, see
⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2024-06-14. (At
that time, the date of the most recent commit that was found in
the repository was 2023-05-11.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
20 Jun 2007 selinux_set_callback(3)
Pages that refer to this page: avc_has_perm(3), avc_init(3), avc_netlink_loop(3), avc_open(3), security_compute_av(3), selabel_lookup(3), selabel_lookup_best_match(3), selabel_open(3), selabel_partial_match(3), selabel_stats(3), selinux_restorecon(3), selinux_restorecon_xattr(3), selinux_set_mapping(3), selabel_db(5), selabel_file(5), selabel_media(5), selabel_x(5)