.\" Hey Emacs! This file is -*- nroff -*- source.
.\"
.\" Author: KaiGai Kohei (kaigai@ak.jp.nec.com) 2009
.TH "avc_netlink_loop" "3" "30 Mar 2009" "" "SELinux API documentation"
.SH "NAME"
avc_netlink_open, avc_netlink_close, avc_netlink_acquire_fd,
avc_netlink_release_fd, avc_netlink_check_nb, avc_netlink_loop \- SELinux
netlink processing
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.br
.B #include <selinux/avc.h>
.sp
.BI "int avc_netlink_open(int " blocking ");"
.sp
.B void avc_netlink_close(void);
.sp
.B int avc_netlink_acquire_fd(void);
.sp
.B void avc_netlink_release_fd(void);
.sp
.B void avc_netlink_loop(void);
.sp
.B int avc_netlink_check_nb(void);
.
.SH "DESCRIPTION"
These functions enable applications to handle notification of SELinux events
via netlink. The userspace AVC normally checks for netlink messages on each
call to
.BR avc_has_perm (3).
Applications may wish to override this behavior and check for notification
separately, for example in a
.BR select (2)
loop. These functions also permit netlink monitoring without requiring a
call to
.BR avc_open (3).

.BR avc_netlink_open ()
opens a netlink socket to receive SELinux notifications. The socket
descriptor is stored internally; use
.BR avc_netlink_acquire_fd (3)
to take ownership of it in application code. The
.I blocking
argument controls whether the O_NONBLOCK flag is set on the socket descriptor.
.BR avc_open (3)
calls this function internally, specifying non-blocking behavior.

.BR avc_netlink_close ()
closes the netlink socket. This function is called automatically by
.BR avc_destroy (3).

.BR avc_netlink_acquire_fd ()
returns the netlink socket descriptor number and informs the userspace AVC
not to check the socket descriptor automatically on calls to
.BR avc_has_perm (3).

.BR avc_netlink_release_fd ()
returns control of the netlink socket to the userspace AVC, re-enabling
automatic processing of notifications.

.BR avc_netlink_check_nb ()
checks the netlink socket for pending messages and processes them.
Callbacks for policyload and enforcing changes will be called;
see
.BR selinux_set_callback (3).
This function does not block.

.BR avc_netlink_loop ()
enters a loop blocking on the netlink socket and processing messages as they
are received. This function will not return unless an error occurs on
the socket, in which case the socket is closed.
.
.SH "RETURN VALUE"
.BR avc_netlink_acquire_fd ()
returns a non-negative file descriptor number on success. Other functions
with a return value return zero on success. On error, \-1 is returned and
.I errno
is set appropriately.
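.
.SH "EXAMPLE"
The following is an added example, not part of the original page or of libselinux: it takes over the netlink descriptor and services it from a select(2) loop, as the DESCRIPTION outlines. The wait_and_process helper, the HAVE_SELINUX build switch and the callback names are assumptions of this example.

```c
/* Added example, not libselinux code. wait_and_process() and HAVE_SELINUX are
 * this example's own names. Build: cc -DHAVE_SELINUX example.c -lselinux */
#include <errno.h>
#include <stdio.h>
#include <sys/select.h>
#include <unistd.h>
#ifdef HAVE_SELINUX
#include <selinux/selinux.h>
#include <selinux/avc.h>
#endif

/* Wait up to timeout_ms for fd, then call process() (avc_netlink_check_nb in
 * real use). Returns 1 if messages were processed, 0 on timeout, -1 on error. */
int wait_and_process(int fd, int timeout_ms, int (*process)(void))
{
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    fd_set rfds;
    int rc;
    if (fd < 0 || fd >= FD_SETSIZE)     /* select(2) cannot watch this fd */
        return -1;
    do {                                /* restart if a signal interrupts */
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        rc = select(fd + 1, &rfds, NULL, NULL, &tv);
    } while (rc < 0 && errno == EINTR);
    if (rc <= 0)
        return rc;                      /* 0 = timeout, -1 = select error */
    return process() < 0 ? -1 : 1;
}

#ifdef HAVE_SELINUX
static int on_policyload(int seqno) { printf("policy load %d\n", seqno); return 0; }
static int on_setenforce(int on) { printf("enforcing=%d\n", on); return 0; }
int main(void)
{
    int fd;
    selinux_set_callback(SELINUX_CB_POLICYLOAD,
        (union selinux_callback) { .func_policyload = on_policyload });
    selinux_set_callback(SELINUX_CB_SETENFORCE,
        (union selinux_callback) { .func_setenforce = on_setenforce });
    if (avc_netlink_open(0) < 0 || (fd = avc_netlink_acquire_fd()) < 0)
        return 1;                       /* 0 = non-blocking socket */
    while (wait_and_process(fd, 5000, avc_netlink_check_nb) >= 0)
        ;                               /* timeout: serve other work here */
    avc_netlink_release_fd();
    avc_netlink_close();
    return 1;                           /* reached only after an error */
}
#endif
```

While the descriptor is acquired, a missed call to the processing function means policy reloads and enforcing-mode changes go unnoticed by the application, so every readable event on the descriptor should lead to one.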
.
.SH "SEE ALSO"
.BR avc_open (3),
.BR selinux_set_callback (3),
.BR selinux (8)