MAN page from OpenSuSE libsepol-devel-2.1.9-51.40.x86_64.rpm

sepol_genusers

Section: SE Linux binary policy API documentation (3)
Updated: 15 March 2005
Index

NAME

sepol_genusers - Generate a new binary policy image with a customized user configuration

SYNOPSIS

#include <sepol/sepol.h>

int sepol_genusers(void *data, size_t len, const char *usersdir, void *newdata, size_t *newlen);

void sepol_set_delusers(int on);

DESCRIPTION

sepol_genusersgenerates a new binary policy image from an existing binary policy image stored in the memory region described bythe starting addressdataand the lengthlenand a pair of user configuration files named system.users andlocal.usersfrom the directory specified byusersdir.The resulting binary policy is placed into dynamically allocatedmemory and the variablesnewdataandnewlenare set to refer to the new binary image's starting address and length.The original binary policy image is not modified.

By default, sepol_genuserswill preserve user entries that are defined in the original binary policy imagebut not defined in the user configuration files. If such user entriesshould instead by omitted entirely from the new binary policy image, thenthesepol_set_delusersfunction may be called with onset to 1 prior to callingsepol_genusersin order to enable deletion of such users.

RETURN VALUE

Returns 0 on success or -1 otherwise, with errno set appropriately.An errno of ENOENT indicates that one or both of the userconfiguration files did not exist. An errno of EINVAL indicates thateither the original binary policy image or the generated one wereinvalid. An errno of ENOMEM indicates that insufficient memory wasavailable to process the original binary policy image or to generatethe new policy image. Invalid entries in the user configuration filesare skipped with a warning.

This document was created byman2html,using the manual pages.