diff options
Diffstat (limited to 'man')
| -rw-r--r-- | man/sd_bus_creds_get_pid.xml | 2 | ||||
| -rw-r--r-- | man/systemd-nspawn.xml | 24 | ||||
| -rw-r--r-- | man/systemd.exec.xml | 16 | ||||
| -rw-r--r-- | man/systemd.journal-fields.xml | 4 | ||||
| -rw-r--r-- | man/tmpfiles.d.xml | 6 |
5 files changed, 28 insertions, 24 deletions
diff --git a/man/sd_bus_creds_get_pid.xml b/man/sd_bus_creds_get_pid.xml index 40de81f82e..d33533170f 100644 --- a/man/sd_bus_creds_get_pid.xml +++ b/man/sd_bus_creds_get_pid.xml @@ -333,7 +333,7 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>. but will check the bounding capabilities mask.</para> <para><function>sd_bus_creds_get_selinux_context</function> will - retrieve the SELinux context of the process.</para> + retrieve the SELinux security context (label) of the process.</para> <para><function>sd_bus_creds_get_audit_session_id</function> will retrieve the audit session identifier of the process.</para> diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index c95a7c0e9a..96ccc5cef7 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -249,23 +249,23 @@ </varlistentry> <varlistentry> - <term><option>-L</option></term> - <term><option>--apifs-label=</option></term> + <term><option>-Z</option></term> + <term><option>--selinux-context=</option></term> - <listitem><para>Sets the mandatory - access control (MAC/SELinux) file - label to be used by virtual API file - systems in the container.</para> + <listitem><para>Sets the SELinux + security context to be used to label + processes in the container.</para> </listitem> </varlistentry> <varlistentry> - <term><option>-Z</option></term> - <term><option>--process-label=</option></term> + <term><option>-L</option></term> + <term><option>--selinux-apifs-context=</option></term> - <listitem><para>Sets the mandatory - access control (MAC/SELinux) label to be used by - processes in the container.</para> + <listitem><para>Sets the SELinux security + context to be used to label files in + the virtual API file systems in the + container.</para> </listitem> </varlistentry> @@ -495,7 +495,7 @@ <programlisting># chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container # systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh</programlisting> - <para>This runs a container with SELinux sandbox labels.</para> + <para>This runs a container with SELinux sandbox security contexts.</para> </refsect1> <refsect1> diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index ecf48a73c9..f4caccdd23 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -953,12 +953,16 @@ <varlistentry> <term><varname>SELinuxContext=</varname></term> - <listitem><para>Set the SELinux context of the - executed process. If set, this will override the - automated domain transition. However, the policy - still need to autorize the transition. This directive - is ignored if SELinux is disabled. If prefixed by <literal>-</literal>, - all errors will be ignored. See + <listitem><para>Set the SELinux + security context of the executed + process. If set, this will override + the automated domain + transition. However, the policy still + needs to autorize the transition. This + directive is ignored if SELinux is + disabled. If prefixed by + <literal>-</literal>, all errors will + be ignored. See <citerefentry><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry> for details.</para></listitem> </varlistentry> diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml index bb89ed58d3..c93b5da1dc 100644 --- a/man/systemd.journal-fields.xml +++ b/man/systemd.journal-fields.xml @@ -244,8 +244,8 @@ <term><varname>_SELINUX_CONTEXT=</varname></term> <listitem> <para>The SELinux security - context of the process the - journal entry originates + context (label) of the process + the journal entry originates from.</para> </listitem> </varlistentry> diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index ec1ae76b17..a304dd00e6 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -174,7 +174,7 @@ L /tmp/foobar - - - - /dev/null</programlisting> adjust its access mode, group and user to the specified values and reset the SELinux - label. If it does not exist, do + security context. If it does not exist, do nothing.</para></listitem> </varlistentry> @@ -242,7 +242,7 @@ L /tmp/foobar - - - - /dev/null</programlisting> <varlistentry> <term><varname>z</varname></term> <listitem><para>Restore - SELinux security context label + SELinux security context and set ownership and access mode of a file or directory if it exists. Lines of this type @@ -255,7 +255,7 @@ L /tmp/foobar - - - - /dev/null</programlisting> <term><varname>Z</varname></term> <listitem><para>Recursively restore SELinux security - context label and set + context and set ownership and access mode of a path and all its subdirectories (if it is a |