+2009-08-07 Jim Meyering <meyering@redhat.com>
+
+ selinux-at: remove redundant m4 code, add documentation
+ * modules/selinux-at (configure.ac): Remove redundant code.
+ LIB_SELINUX is already set via the dependent module, selinux-h.
+ (Include): Add quotes around selinux-at.h.
+ * lib/selinux-at.h: Add documentation.
+ Reported by Bruno Haible in
+ http://marc.info/?l=gnulib-bug&m=124958988300749
+
2009-08-07 Bruno Haible <bruno@clisp.org>
Avoid link error on MacOS X 10.3 and 10.4.
#include <selinux/selinux.h>
#include <selinux/context.h>
-int getfileconat (int fd, char const *file, security_context_t *con);
-int lgetfileconat (int fd, char const *file, security_context_t *con);
-int setfileconat (int fd, char const *file, security_context_t con);
-int lsetfileconat (int fd, char const *file, security_context_t con);
+/* These are the dir-fd-relative variants of the functions without the
+ "at" suffix. For example, getfileconat (AT_FDCWD, file, &c) is usually
+ equivalent to getfileconat (file, &c). The emulation is accomplished
+ by first attempting getfilecon ("/proc/self/fd/DIRFD/FILE", &c).
+ Failing that, simulate it via save_cwd/fchdir/getfilecon/restore_cwd.
+ If either the save_cwd or the restore_cwd fails (relatively unlikely),
+ then give a diagnostic and exit nonzero. */
+
+/* dir-fd-relative getfilecon. Set *CON to the SELinux security context
+ of the file specified by DIRFD and FILE and return the length of *CON.
+ DIRFD and FILE are interpreted as for fstatat[*]. A non-NULL *CON
+ must be freed with freecon. Upon error, set *CON to NULL, set errno
+ and return -1.
+ [*] with flags=0 here, with flags=AT_SYMLINK_NOFOLLOW for lgetfileconat */
+int getfileconat (int dirfd, char const *file, security_context_t *con);
+
+/* dir-fd-relative lgetfilecon. This function is just like getfileconat,
+ except when DIRFD and FILE specify a symlink: lgetfileconat operates on
+ the symlink, while getfileconat operates on the referent of the symlink. */
+int lgetfileconat (int dirfd, char const *file, security_context_t *con);
+
+/* dir-fd-relative setfilecon. Set the SELinux security context of
+ the file specified by DIRFD and FILE to CON. DIRFD and FILE are
+ interpreted as for fstatat[*]. Upon success, return 0.
+ Otherwise, return -1 and set errno. */
+int setfileconat (int dirfd, char const *file, security_context_t con);
+
+/* dir-fd-relative lsetfilecon. This function is just like setfileconat,
+ except that rather than dereferencing a symlink, this function affects it. */
+/* dir-fd-relative lsetfilecon. This function is just like setfileconat,
+ except when DIRFD and FILE specify a symlink: lsetfileconat operates on
+ the symlink, while setfileconat operates on the referent of the symlink. */
+int lsetfileconat (int dirfd, char const *file, security_context_t con);
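Review bot: The overview comment's example says `getfileconat (AT_FDCWD, file, &c)` is usually equivalent to `getfileconat (file, &c)`; the second call should name the non-at function, `getfilecon (file, &c)`. The comment above lsetfileconat is added twice in a row, so the first, shorter copy should be dropped, keeping the one that parallels lgetfileconat. The `[*]` footnote referenced from setfileconat's comment is defined only under getfileconat and names only lgetfileconat; repeating it there as `[*] with flags=0 here, with flags=AT_SYMLINK_NOFOLLOW for lsetfileconat` would make the symlink behaviour explicit for callers that relabel files in directories other users can write to. Since the fallback is described as save_cwd/fchdir/restore_cwd, it presumably changes the process-wide working directory for a moment and can terminate the process. The overview should say so and note that this path is likely unsafe for multithreaded callers and for library code that must not exit.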