author Lennart Poettering <lennart@poettering.net> 2014-02-10 12:32:03 +0100
committer Lennart Poettering <lennart@poettering.net> 2014-02-10 13:18:16 +0100
commit 82adf6af7c72b852449346835f33184a841b4796
tree 0dd1c4c6dcdd9760df65300e15bd3b53b5aad553 /man
parent exec: Add support for ignoring errors on SELinuxContext by prefixing it with ...
nspawn,man: use a common vocabulary when referring to selinux security contexts
Let's always call the security labels the same way:

  SMACK:   "Smack Label"
  SELINUX: "SELinux Security Context"

And the low-level encapsulation is called "seclabel". Now let's hope we stick to this vocabulary in future, too, and don't mix "label"s and "security contexts" and so on wildly.
Diffstat (limited to 'man')
-rw-r--r-- man/sd_bus_creds_get_pid.xml 2
-rw-r--r-- man/systemd-nspawn.xml 24
-rw-r--r-- man/systemd.exec.xml 16
-rw-r--r-- man/systemd.journal-fields.xml 4
-rw-r--r-- man/tmpfiles.d.xml 6
5 files changed, 28 insertions, 24 deletions
diff --git a/man/sd_bus_creds_get_pid.xml b/man/sd_bus_creds_get_pid.xml
index 40de81f82e..d33533170f 100644
--- a/man/sd_bus_creds_get_pid.xml
+++ b/man/sd_bus_creds_get_pid.xml
@@ -333,7 +333,7 @@ along with systemd; If not, see <http://www.gnu.org/licenses/>.
but will check the bounding capabilities mask.</para>
<para><function>sd_bus_creds_get_selinux_context</function> will
- retrieve the SELinux context of the process.</para>
+ retrieve the SELinux security context (label) of the process.</para>
<para><function>sd_bus_creds_get_audit_session_id</function> will
retrieve the audit session identifier of the process.</para>
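Review bot: the added line "retrieve the SELinux security context (label) of the process" brings back "label" as a synonym, which is the mixing the commit message asks to stop. If the gloss is meant to help readers who know the older term, say so once in a central place; otherwise drop "(label)" here so the function description uses only "SELinux security context".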
diff --git a/man/systemd-nspawn.xml b/man/systemd-nspawn.xml
index c95a7c0e9a..96ccc5cef7 100644
--- a/man/systemd-nspawn.xml
+++ b/man/systemd-nspawn.xml
@@ -249,23 +249,23 @@
</varlistentry>
<varlistentry>
- <term><option>-L</option></term>
- <term><option>--apifs-label=</option></term>
+ <term><option>-Z</option></term>
+ <term><option>--selinux-context=</option></term>
- <listitem><para>Sets the mandatory
- access control (MAC/SELinux) file
- label to be used by virtual API file
- systems in the container.</para>
+ <listitem><para>Sets the SELinux
+ security context to be used to label
+ processes in the container.</para>
</listitem>
</varlistentry>
<varlistentry>
- <term><option>-Z</option></term>
- <term><option>--process-label=</option></term>
+ <term><option>-L</option></term>
+ <term><option>--selinux-apifs-context=</option></term>
- <listitem><para>Sets the mandatory
- access control (MAC/SELinux) label to be used by
- processes in the container.</para>
+ <listitem><para>Sets the SELinux security
+ context to be used to label files in
+ the virtual API file systems in the
+ container.</para>
</listitem>
</varlistentry>
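Review bot: both long options are renamed in these two entries (--apifs-label= becomes --selinux-apifs-context=, --process-label= becomes --selinux-context=), and neither <listitem> tells a reader with existing invocations that the spelling changed or whether the old names are still accepted. Because these options choose the context a container's processes and API file systems are labelled with, add a sentence on the old names or on the rename. The short options keep their meaning (-Z for processes, -L for the API file systems), so the reordering of the entries is harmless, but the new text also drops the "mandatory access control" wording, which was the only hint of what the option is for to someone who does not know SELinux.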
@@ -495,7 +495,7 @@
<programlisting># chcon system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -R /srv/container
# systemd-nspawn -L system_u:object_r:svirt_sandbox_file_t:s0:c0,c1 -Z system_u:system_r:svirt_lxc_net_t:s0:c0,c1 -D /srv/container /bin/sh</programlisting>
- <para>This runs a container with SELinux sandbox labels.</para>
+ <para>This runs a container with SELinux sandbox security contexts.</para>
</refsect1>
<refsect1>
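Review bot: the example in the <programlisting> context lines passes the two contexts as -L and -Z only, so the reader has to scroll back to the option list to learn which one labels the files and which one labels the process. Now that the long names are self-describing, consider spelling the example with --selinux-apifs-context= and --selinux-context=, or extend the changed sentence to say which context applies to what.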
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index ecf48a73c9..f4caccdd23 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -953,12 +953,16 @@
<varlistentry>
<term><varname>SELinuxContext=</varname></term>
- <listitem><para>Set the SELinux context of the
- executed process. If set, this will override the
- automated domain transition. However, the policy
- still need to autorize the transition. This directive
- is ignored if SELinux is disabled. If prefixed by <literal>-</literal>,
- all errors will be ignored. See
+ <listitem><para>Set the SELinux
+ security context of the executed
+ process. If set, this will override
+ the automated domain
+ transition. However, the policy still
+ needs to autorize the transition. This
+ directive is ignored if SELinux is
+ disabled. If prefixed by
+ <literal>-</literal>, all errors will
+ be ignored. See
<citerefentry><refentrytitle>setexeccon</refentrytitle><manvolnum>3</manvolnum></citerefentry>
for details.</para></listitem>
</varlistentry>
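Review bot: the rewritten paragraph still carries the typo "autorize" on the added line "needs to autorize the transition"; the sentence is being touched anyway (need became needs), so fix it to "authorize" in the same change. Separately, "If prefixed by -, all errors will be ignored" does not say which context the process ends up running in when setting the requested one fails; a clause stating that would help administrators who rely on SELinuxContext= for confinement.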
diff --git a/man/systemd.journal-fields.xml b/man/systemd.journal-fields.xml
index bb89ed58d3..c93b5da1dc 100644
--- a/man/systemd.journal-fields.xml
+++ b/man/systemd.journal-fields.xml
@@ -244,8 +244,8 @@
<term><varname>_SELINUX_CONTEXT=</varname></term>
<listitem>
<para>The SELinux security
- context of the process the
- journal entry originates
+ context (label) of the process
+ the journal entry originates
from.</para>
</listitem>
</varlistentry>
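Review bot: the added "context (label) of the process" glosses the term with "label", while the tmpfiles.d.xml hunks in this same patch remove "label" after "security context". Choose one direction for the whole patch; for a field that is already named _SELINUX_CONTEXT= the parenthetical adds little.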
diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index ec1ae76b17..a304dd00e6 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -174,7 +174,7 @@ L /tmp/foobar - - - - /dev/null</programlisting>
adjust its access mode, group
and user to the specified
values and reset the SELinux
- label. If it does not exist, do
+ security context. If it does not exist, do
nothing.</para></listitem>
</varlistentry>
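Review bot: the added line completes "reset the SELinux security context", while the z and Z entries changed further down say "Restore", and none of the three says what the context is reset or restored to. Use one verb across these entries and name the source of the value. The added line is also much longer than the surrounding wrapped lines; re-wrap the paragraph as was done for systemd.exec.xml.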
@@ -242,7 +242,7 @@ L /tmp/foobar - - - - /dev/null</programlisting>
<varlistentry>
<term><varname>z</varname></term>
<listitem><para>Restore
- SELinux security context label
+ SELinux security context
and set ownership and access
mode of a file or directory if
it exists. Lines of this type
@@ -255,7 +255,7 @@ L /tmp/foobar - - - - /dev/null</programlisting>
<term><varname>Z</varname></term>
<listitem><para>Recursively
restore SELinux security
- context label and set
+ context and set
ownership and access mode of a
path and all its
subdirectories (if it is a