:: RootR ::  Hosting Order Map Login   Secure Inter-Network Operations  
 
avc_destroy(3) - phpMan

Command: man perldoc info search(apropos)  


avc_open(3)                         SELinux API documentation                         avc_open(3)



NAME
       avc_open, avc_destroy, avc_reset, avc_cleanup - userspace SELinux AVC setup and teardown

SYNOPSIS
       #include <selinux/selinux.h>
       #include <selinux/avc.h>

       int avc_open(struct selinux_opt *options, unsigned nopt);

       void avc_destroy(void);

       int avc_reset(void);

       void avc_cleanup(void);

DESCRIPTION
       avc_open() initializes the userspace AVC and must be called before any other AVC operation
       can be performed.

       avc_destroy() destroys the userspace AVC, freeing all internal memory  structures.   After
       this  call has been made, avc_open() must be called again before any AVC operations can be
       performed.

       avc_reset() flushes the userspace AVC, causing it to forget any cached  access  decisions.
       The  userspace  AVC  normally  calls  this function automatically when needed, see NETLINK
       NOTIFICATION below.

       avc_cleanup() attempts to free unused memory within the userspace AVC, but does not  flush
       any  cached access decisions.  Under normal operation, calling this function should not be
       necessary.

OPTIONS
       The userspace AVC obeys callbacks set via selinux_set_callback(3), in particular the  log‐
       ging and audit callbacks.

       The options which may be passed to avc_open() include the following:

       AVC_OPT_SETENFORCE
              This  option  forces  the  userspace AVC into enforcing mode if the option value is
              non-NULL; permissive mode otherwise.  The system enforcing mode will be ignored.

NETLINK NOTIFICATION
       Beginning with version 2.6.4, the Linux kernel supports SELinux status change notification
       via  netlink.   Two  message  types  are  currently implemented, indicating changes to the
       enforcing mode and to the loaded policy in the kernel, respectively.   The  userspace  AVC
       listens  for  these  messages  and takes the appropriate action, modifying the behavior of
       avc_has_perm(3) to reflect the current enforcing mode and flushing the cache on receipt of
       a  policy  load  notification.  Audit messages are produced when netlink notifications are
       processed.

RETURN VALUE
       Functions with a return value return zero on success.  On error, -1 is returned and  errno
       is set appropriately.

AUTHOR
       Eamon Walsh <ewalsh AT tycho.gov>

SEE ALSO
       selinux(8),   avc_has_perm(3),  avc_context_to_sid(3),  avc_cache_stats(3),  avc_add_call‐
       back(3), selinux_set_callback(3), security_compute_av(3)



                                           12 Jun 2008                                avc_open(3)


/man
rootr.net - man pages