Provided by: libsepol1-dev_2.7-1ubuntu0.1_amd64

NAME

       sepol_genusers - Generate a new binary policy image with a customized user configuration

SYNOPSIS

       #include <sepol/sepol.h>

       int sepol_genusers(void *data, size_t len, const char *usersdir, void **newdata, size_t *newlen);

       void sepol_set_delusers(int on);

DESCRIPTION

       sepol_genusers  generates  a  new  binary policy image from an existing binary policy image stored in the
       memory region described by the starting address data and the length len and a pair of user  configuration
       files  named system.users and local.users from the directory specified by usersdir.  The resulting binary
       policy is placed into dynamically allocated memory and the variables newdata and newlen are set to  refer
       to the new binary image's starting address and length.  The original binary policy image is not modified.

       By default, sepol_genusers will preserve user entries that are defined in the original binary policy
       image but not defined in the user configuration files.  If such user entries should instead be omitted
       entirely from the new binary policy image, then the sepol_set_delusers function may be called with on set
       to 1 prior to calling sepol_genusers in order to enable deletion of such users.

RETURN VALUE

       Returns 0 on success or -1 otherwise, with errno set appropriately.  An errno of ENOENT indicates that
       one or both of the user configuration files did not exist.  An errno of EINVAL indicates that either the
       original binary policy image or the generated one was invalid.  An errno of ENOMEM indicates that
       insufficient memory was available to process the original binary policy image or to generate the new
       policy image.  Invalid entries in the user configuration files are skipped with a warning.
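
       The following wrapper is an added example, not part of the libsepol manual page or source.  It maps
       each documented errno to a distinct status and hands back a new image only on success.  The names
       regen_policy, regen_status, genusers_fn and the fake_* stand-ins are hypothetical, the generator is
       passed as a function pointer so the file builds without libsepol, and releasing the new image with
       free() is an assumption.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
/* Same signature as sepol_genusers(); taken as a pointer so this example
 * builds without libsepol. Real callers pass sepol_genusers itself. */
typedef int (*genusers_fn)(void *, size_t, const char *, void **, size_t *);
/* Hypothetical status names, one per outcome listed under RETURN VALUE. */
enum regen_status { REGEN_OK, REGEN_NO_USER_FILES, REGEN_BAD_POLICY,
                    REGEN_NO_MEMORY, REGEN_OTHER };

/* Hypothetical wrapper. On REGEN_OK, *out holds the new image and the caller
 * releases it (free() is assumed). On any failure *out stays NULL, so the
 * unmodified original image is the only one a caller can go on to load. */
enum regen_status regen_policy(genusers_fn gen, void *data, size_t len,
                               const char *usersdir, void **out, size_t *outlen)
{
    void *newdata = NULL;
    size_t newlen = 0;
    *out = NULL;
    *outlen = 0;
    errno = 0;
    if (gen(data, len, usersdir, &newdata, &newlen) != 0) {
        switch (errno) {
        case ENOENT: return REGEN_NO_USER_FILES; /* system.users/local.users missing */
        case EINVAL: return REGEN_BAD_POLICY;    /* original or generated image invalid */
        case ENOMEM: return REGEN_NO_MEMORY;
        default:     return REGEN_OTHER;
        }
    }
    if (newdata == NULL || newlen == 0) {        /* "success" but no image: reject */
        free(newdata);
        return REGEN_BAD_POLICY;
    }
    *out = newdata;
    *outlen = newlen;
    return REGEN_OK;
}

/* Constructed stand-ins for sepol_genusers(), used only to exercise the wrapper. */
int fake_missing_files(void *d, size_t n, const char *dir, void **nd, size_t *nl)
{ (void)d; (void)n; (void)dir; (void)nd; (void)nl; errno = ENOENT; return -1; }

int fake_copy(void *d, size_t n, const char *dir, void **nd, size_t *nl)
{
    (void)dir;
    if ((*nd = malloc(n)) == NULL) { errno = ENOMEM; return -1; }
    memcpy(*nd, d, n);
    *nl = n;
    return 0;
}
```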