NAME

       sepol_genusers - Generate a new binary policy image with a customized user configuration

SYNOPSIS

       #include <sepol/sepol.h>

       int sepol_genusers(void *data, size_t len, const char *usersdir, void *newdata, size_t *newlen);

       void sepol_set_delusers(int on);

DESCRIPTION

       sepol_genusers  generates  a  new  binary policy image from an existing binary policy image stored in the
       memory region described by the starting address data and the length len and a pair of user  configuration
       files  named system.users and local.users from the directory specified by usersdir.  The resulting binary
       policy is placed into dynamically allocated memory and the variables newdata and newlen are set to  refer
       to the new binary image's starting address and length.  The original binary policy image is not modified.

       By  default,  sepol_genusers  will  preserve  user entries that are defined in the original binary policy
       image but not defined in the user configuration files.  If such user entries should  instead  by  omitted
       entirely from the new binary policy image, then the sepol_set_delusers function may be called with on set
       to 1 prior to calling sepol_genusers in order to enable deletion of such users.

RETURN VALUE

       Returns  0  on  success or -1 otherwise, with errno set appropriately.  An errno of ENOENT indicates that
       one or both of the user configuration files did not exist.  An errno of EINVAL indicates that either  the
       original  binary  policy  image  or  the  generated  one were invalid.  An errno of ENOMEM indicates that
       insufficient memory was available to process the original binary policy image  or  to  generate  the  new
       policy image.  Invalid entries in the user configuration files are skipped with a warning.

sds@tycho.nsa.gov                                 15 March 2005                                sepol_genusers(3)