Provided by: libselinux1-dev_3.7-3ubuntu3_amd64 bug

NAME
       selinux_set_callback - userspace SELinux callback facilities


SYNOPSIS
       #include <selinux/selinux.h>

       void selinux_set_callback(int type, union selinux_callback callback);


DESCRIPTION
       selinux_set_callback()  sets  the  callback  indicated  by type to the value of callback, which should be
       passed as a function pointer cast to type union selinux_callback.

       All callback functions should return a negative value with errno set appropriately on error.

       The available values for type are:

       SELINUX_CB_LOG
              int (*func_log) (int type, const char *fmt, ...);

              This callback is used for logging and should process the printf(3) style fmt string and  arguments
              as  appropriate.   The  type  argument indicates the type of message and will be set to one of the
              following:

              SELINUX_ERROR

              SELINUX_WARNING

              SELINUX_INFO

              SELINUX_AVC

              SELINUX_POLICYLOAD

              SELINUX_SETENFORCE

              SELINUX_ERROR, SELINUX_WARNING, and SELINUX_INFO indicate standard log severity levels and are not
              auditable messages.

              The SELINUX_AVC, SELINUX_POLICYLOAD, and SELINUX_SETENFORCE message  types  can  be  audited  with
              AUDIT_USER_AVC,   AUDIT_USER_MAC_POLICY_LOAD,  and  AUDIT_USER_MAC_STATUS  values  from  libaudit,
              respectively.   If  they  are  not  audited,  SELINUX_AVC  should  be  considered  equivalent   to
              SELINUX_ERROR;   similarly,   SELINUX_POLICYLOAD   and  SELINUX_SETENFORCE  should  be  considered
              equivalent to SELINUX_INFO.

       SELINUX_CB_AUDIT
              int (*func_audit) (void *auditdata, security_class_t cls,
                                 char *msgbuf, size_t msgbufsize);

              This callback is used for supplemental auditing in AVC messages.  The auditdata and cls  arguments
              are  the  values  passed to avc_has_perm(3).  A human-readable interpretation should be printed to
              msgbuf using no more than msgbufsize characters.

       SELINUX_CB_VALIDATE
              int (*func_validate) (char **ctx);

              This callback is used for context validation.   The  callback  may  optionally  modify  the  input
              context  by  setting  the target of the ctx pointer to a new context.  In this case, the old value
              should be freed with freecon(3).  The value of errno should  be  set  to  EINVAL  to  indicate  an
              invalid context.

       SELINUX_CB_SETENFORCE
              int (*func_setenforce) (int enforcing);

              This  callback  is  invoked  when  the  system  enforcing  state  changes.  The enforcing argument
              indicates the new value and is set to 1 for enforcing mode, and 0 for permissive mode.

       SELINUX_CB_POLICYLOAD
              int (*func_policyload) (int seqno);

              This callback is invoked when the system security policy is reloaded.  The seqno argument  is  the
              current sequential number of the policy generation in the system.


RETURN VALUE
       None.


ERRORS
       None.


AUTHOR
       Eamon Walsh <ewalsh@tycho.nsa.gov>


SEE ALSO
       selabel_open(3), avc_init(3), avc_netlink_open(3), selinux(8)

                                                   20 Jun 2007                           selinux_set_callback(3)