diff options
| author | Lennart Poettering <lennart@poettering.net> | 2014-02-10 12:32:03 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2014-02-10 13:18:16 +0100 |
| commit | 82adf6af7c72b852449346835f33184a841b4796 (patch) | |
| tree | 0dd1c4c6dcdd9760df65300e15bd3b53b5aad553 /man | |
| parent | 0d3f7bb3a5bc6d5c0712f88a080fed388981bca3 (diff) | |
nspawn,man: use a common vocabulary when referring to selinux security contexts
Let's always call the security labels the same way:
SMACK: "Smack Label"
SELINUX: "SELinux Security Context"
And the low-level encapsulation is called "seclabel". Now let's hope we
stick to this vocabulary in future, too, and don't mix "label"s and
"security contexts" and so on wildly.
Diffstat (limited to 'man')
| -rw-r--r-- | man/sd_bus_creds_get_pid.xml | 2 | ||||
| -rw-r--r-- | man/systemd-nspawn.xml | 24 | ||||
| -rw-r--r-- | man/systemd.exec.xml | 16 | ||||
| -rw-r--r-- | man/systemd.journal-fields.xml | 4 | ||||
| -rw-r--r-- | man/tmpfiles.d.xml | 6 |
5 files changed, 28 insertions, 24 deletions
diff --git a/man/sd_bus_creds_get_pid.xml b/man/sd_bus_creds_get_pid.xml index 40de81f82e..d33533170f 100644 --- a/man/sd_bus_creds_get_pid.xml +++ b/man/sd_bus_creds_get_pid.xml @@ -333,7 +333,7 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. but will check the bounding capabilities mask.</para> <para><function>sd_bus_creds_get_selinux_context</function> will - retrieve the SELinux context of the process.</para> + retrieve the SELinux security context (label) of the process.</para> <para><function>sd_bus_creds_get_audit_session_id</function> will retrieve the audit session identifier of the process.</para> diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index c95a7c0e9a..96ccc5cef7 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -249,23 +249,23 @@ </varlistentry> <varlistentry> - <term><option>-L</option></term> - <term><option>--apifs-label=</option></term> + <term><option>-Z</option></term> + <term><option>--selinux-context=</option></term> - <listitem><para>Sets the mandatory - access control (MAC/SELinux) file - label to be used by virtual API file - systems in the container.</para> + <listitem><para>Sets the SELinux + security context to be used to label + processes in the container.</para> </listitem> </varlistentry> <varlistentry> - <term><option>-Z</option></term> - <term><option>--process-label=</option></term> + <term><option>-L</option></term> + <term><option>--selinux-apifs-context=</option></term> - <listitem><para>Sets the mandatory - access control (MAC/SELinux) label to be used by - processes in the container.</para> + <listitem><para>Sets the SELinux security + context to be used to label files in + the virtual API file systems in the + container.</para> </listitem> </varlistentry> @@ -495,7 +495,7 @@ <programlisting># chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container # systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh</programlisting> - <para>This runs a container with SELinux sandbox labels.</para> + <para>This runs a container with SELinux sandbox security contexts.</para> </refsect1> <refsect1> diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index ecf48a73c9..f4caccdd23 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -953,12 +953,16 @@ <varlistentry> <term><varname>SELinuxContext=</varname></term> - <listitem><para>Set the SELinux context of the - executed process. If set, this will override the - automated domain transition. However, the policy - still need to autorize the transition. This directive - is ignored if SELinux is disabled. If prefixed by <literal>-</literal>, - all errors will be ignored. See + <listitem><para>Set the SELinux + security context of the executed + process. If set, this will override + the automated domain + transition. However, the policy still + needs to autorize the transition. This + directive is ignored if SELinux is + disabled. If prefixed by + <literal>-</literal>, all errors will + be ignored. See <citerefentry><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry> for details.</para></listitem> </varlistentry> diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml index bb89ed58d3..c93b5da1dc 100644 --- a/man/systemd.journal-fields.xml +++ b/man/systemd.journal-fields.xml @@ -244,8 +244,8 @@ <term><varname>_SELINUX_CONTEXT=</varname></term> <listitem> <para>The SELinux security - context of the process the - journal entry originates + context (label) of the process + the journal entry originates from.</para> </listitem> </varlistentry> diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index ec1ae76b17..a304dd00e6 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -174,7 +174,7 @@ L /tmp/foobar - - - - /dev/null</programlisting> adjust its access mode, group and user to the specified values and reset the SELinux - label. If it does not exist, do + security context. If it does not exist, do nothing.</para></listitem> </varlistentry> @@ -242,7 +242,7 @@ L /tmp/foobar - - - - /dev/null</programlisting> <varlistentry> <term><varname>z</varname></term> <listitem><para>Restore - SELinux security context label + SELinux security context and set ownership and access mode of a file or directory if it exists. Lines of this type @@ -255,7 +255,7 @@ L /tmp/foobar - - - - /dev/null</programlisting> <term><varname>Z</varname></term> <listitem><para>Recursively restore SELinux security - context label and set + context and set ownership and access mode of a path and all its subdirectories (if it is a |