Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

selinux_raw_context_to_color(3) [debian man page]

selinux_raw_context_to_color(3) 			     Library Functions Manual				   selinux_raw_context_to_color(3)

NAME

       selinux_raw_context_to_color - Return RGB color string for an SELinux security context.

SYNOPSIS

       #include <selinux/selinux.h>

       int selinux_raw_context_to_color(security_context_t raw,
	      char **color_str);

DESCRIPTION

       selinux_raw_context_to_color  returns  a  color_str associated to the raw context raw provided that the mcstransd(8) daemon is running, the
       policy is an MLS type policy (MCS or MLS) and there is a color configuration file secolor.conf(5) (see the FILES section).

       The color_str string is a space separated list of eight hexadecimal RGB triples, each prefixed by a hash character (#). These represent the
       user:role:type:range components of the foreground and background colors. An example string is shown in the EXAMPLE section.

       The returned color_str string must be freed with free(3).

       If a color has not been configured for a specific user, role, type and/or range component of context raw, then selinux_raw_context_to_color
       will select the color returned in color_str in order of precedence as follows:
	      role, type, range
	      user, type, range
	      user, role, range
	      user, role, type

       If there are no entries in the secolor.conf file for any of the components of context raw (or the file is not present),	then  the  default
       string returned in color_str is:

	      ----- user ---- ---- role ----  ---- type ----  ---- range ----
	      #000000 #ffffff #000000 #ffffff #000000 #ffffff #000000 #ffffff

RETURN VALUE

       On success, zero is returned.
       On failure, -1 is returned with errno set appropriately.

ERRORS

       ENOENT If the mcstransd(8) daemon is not running.

FILES

       selinux_raw_context_to_color  obtains  the  translated  entry  from  the  active  policy  secolor.conf(5)  file as returned by selinux_col-
       ors_path(3).  The file format is described in secolor.conf(5).

NOTES

       1. The primary use of selinux_raw_context_to_color is to return a color that corresponds to a range, that can then  be  used  to  highlight
       information at different MLS levels.

       2.  The	mcstransd(8)  daemon  process security level must dominate the raw security level passed to it by the selinux_raw_context_to_color
       function. If not, the range color selected will be as defined by the order of precedence.

EXAMPLE

       selinux_raw_context_to_color returns the foreground and background colors of the context string components  (user:role:type:range)  as  RGB
       triples as follows:

	     user     :       role	:      type	 :	range
	 fg	  bg  :   fg	   bg	:  fg	    bg	 :  fg	     bg
       #000000 #ffffff	#ffffff #000000  #d2b48c #ffa500  #000000 #008000
	black	white :  white	 black	: tan	 orange  : black   green

SEE ALSO

       selinux(8),   selinux_colors_path(3),   mcstransd(8),  secolor.conf(5),	selinux_raw_to_trans_context(3),  selinux_trans_to_raw_context(3),
       free(3)

SELinux API documentation					   08 April 2011				   selinux_raw_context_to_color(3)

Check Out this Related Man Page

SECON(1)								NSA								  SECON(1)

NAME

       secon - See an SELinux context, from a file, program or user input.

SYNOPSIS

       secon [-hVurtscmPRfLp] [CONTEXT]
       [--file] FILE
       [--link] FILE
       [--pid] PID

DESCRIPTION

       See a part of a context. The context is taken from a file, pid, user input or the context in which secon is originally executed.

       -V, --version
	      shows the current version of secon

       -h, --help
	      shows the usage information for secon

       -P, --prompt
	      outputs data in a format suitable for a prompt

       -u, --user
	      show the user of the security context

       -r, --role
	      show the role of the security context

       -t, --type
	      show the type of the security context

       -s, --sensitivity
	      show the sensitivity level of the security context

       -c, --clearance
	      show the clearance level of the security context

       -m, --mls-range
	      show the sensitivity level and clearance, as a range, of the security context

       -R, --raw
	      outputs  the sensitivity level and clearance in an untranslated format.

       -f, --file
	      gets the context from the specified file FILE

       -L, --link
	      gets the context from the specified file FILE (doesn't follow symlinks)

       -p, --pid
	      gets the context from the specified process PID

       --pid-exec
	      gets the exec context from the specified process PID

       --pid-fs
	      gets the fscreate context from the specified process PID

       --current, --self
	      gets the context from the current process

       --current-exec, --self-exec
	      gets the exec context from the current process

       --current-fs, --self-fs
	      gets the fscreate context from the current process

       --parent
	      gets the context from the parent of the current process

       --parent-exec
	      gets the exec context from the parent of the current process

       --parent-fs
	      gets the fscreate context from the parent of the current process

       Additional  argument CONTEXT may be provided and will be used if no options have been specified to make secon get it's context from another
       source.	If that argument is - then the context will be read from stdin.
       If there is no arugment, secon will try reading a context from stdin, if that is not a tty, otherwise secon will act as though  --self  had
       been passed.

       If none of --user, --role, --type, --level or --mls-range is passed.  Then all of them will be output.

SEE ALSO

       chcon (1)

AUTHORS

       James Antill (james.antill@redhat.com)

Security Enhanced Linux 					    April 2006								  SECON(1)
Man Page