sepol_genusers(3) SE Linux binary policy API documentation sepol_genusers(3)

NAME
sepol_genusers - Generate a new binary policy image with a customized
user configuration

SYNOPSIS
#include <sepol/sepol.h>

int sepol_genusers(void *data, size_t len, const char *usersdir, void *newdata, size_t *newlen);

void sepol_set_delusers(int on);

DESCRIPTION
sepol_genusers generates a new binary policy image from an existing
binary policy image stored in the memory region described by the
starting address data and the length len and a pair of user
configuration files named system.users and local.users from the
directory specified by usersdir. The resulting binary policy is placed
into dynamically allocated memory and the variables newdata and newlen
are set to refer to the new binary image's starting address and length.
The original binary policy image is not modified.

By default, sepol_genusers will preserve user entries that are defined
in the original binary policy image but not defined in the user
configuration files. If such user entries should instead be omitted
entirely from the new binary policy image, then the sepol_set_delusers
function may be called with on set to 1 prior to calling sepol_genusers
in order to enable deletion of such users.

RETURN VALUE
Returns 0 on success or -1 otherwise, with errno set appropriately. An
errno of ENOENT indicates that one or both of the user configuration
files did not exist. An errno of EINVAL indicates that either the
original binary policy image or the generated one was invalid. An
errno of ENOMEM indicates that insufficient memory was available to
process the original binary policy image or to generate the new policy
image. Invalid entries in the user configuration files are skipped
with a warning.

sds@tycho.nsa.gov 15 March 2005 sepol_genusers(3)