From 82adf6af7c72b852449346835f33184a841b4796 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 10 Feb 2014 12:32:03 +0100 Subject: nspawn,man: use a common vocabulary when referring to selinux security contexts Let's always call the security labels the same way: SMACK: "Smack Label" SELINUX: "SELinux Security Context" And the low-level encapsulation is called "seclabel". Now let's hope we stick to this vocabulary in future, too, and don't mix "label"s and "security contexts" and so on wildly. --- man/sd_bus_creds_get_pid.xml | 2 +- man/systemd-nspawn.xml | 24 ++++++++++++------------ man/systemd.exec.xml | 16 ++++++++++------ man/systemd.journal-fields.xml | 4 ++-- man/tmpfiles.d.xml | 6 +++--- 5 files changed, 28 insertions(+), 24 deletions(-) (limited to 'man') diff --git a/man/sd_bus_creds_get_pid.xml b/man/sd_bus_creds_get_pid.xml index 40de81f82e..d33533170f 100644 --- a/man/sd_bus_creds_get_pid.xml +++ b/man/sd_bus_creds_get_pid.xml @@ -333,7 +333,7 @@ along with systemd; If not, see . but will check the bounding capabilities mask. sd_bus_creds_get_selinux_context will - retrieve the SELinux context of the process. + retrieve the SELinux security context (label) of the process. sd_bus_creds_get_audit_session_id will retrieve the audit session identifier of the process. diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml index c95a7c0e9a..96ccc5cef7 100644 --- a/man/systemd-nspawn.xml +++ b/man/systemd-nspawn.xml @@ -249,23 +249,23 @@ - - + + - Sets the mandatory - access control (MAC/SELinux) file - label to be used by virtual API file - systems in the container. + Sets the SELinux + security context to be used to label + processes in the container. - - + + - Sets the mandatory - access control (MAC/SELinux) label to be used by - processes in the container. + Sets the SELinux security + context to be used to label files in + the virtual API file systems in the + container. @@ -495,7 +495,7 @@ # chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container # systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh - This runs a container with SELinux sandbox labels. + This runs a container with SELinux sandbox security contexts. diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml index ecf48a73c9..f4caccdd23 100644 --- a/man/systemd.exec.xml +++ b/man/systemd.exec.xml @@ -953,12 +953,16 @@ SELinuxContext= - Set the SELinux context of the - executed process. If set, this will override the - automated domain transition. However, the policy - still need to autorize the transition. This directive - is ignored if SELinux is disabled. If prefixed by -, - all errors will be ignored. See + Set the SELinux + security context of the executed + process. If set, this will override + the automated domain + transition. However, the policy still + needs to autorize the transition. This + directive is ignored if SELinux is + disabled. If prefixed by + -, all errors will + be ignored. See setexeccon3 for details. diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml index bb89ed58d3..c93b5da1dc 100644 --- a/man/systemd.journal-fields.xml +++ b/man/systemd.journal-fields.xml @@ -244,8 +244,8 @@ _SELINUX_CONTEXT= The SELinux security - context of the process the - journal entry originates + context (label) of the process + the journal entry originates from. diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index ec1ae76b17..a304dd00e6 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -174,7 +174,7 @@ L /tmp/foobar - - - - /dev/null adjust its access mode, group and user to the specified values and reset the SELinux - label. If it does not exist, do + security context. If it does not exist, do nothing. @@ -242,7 +242,7 @@ L /tmp/foobar - - - - /dev/null z Restore - SELinux security context label + SELinux security context and set ownership and access mode of a file or directory if it exists. Lines of this type @@ -255,7 +255,7 @@ L /tmp/foobar - - - - /dev/null Z Recursively restore SELinux security - context label and set + context and set ownership and access mode of a path and all its subdirectories (if it is a -- cgit v1.2.3-54-g00ecf