sepol_genusers(3) SE Linux binary policy API documentation sepol_genusers(3)

NAME

       sepol_genusers - Generate a new binary policy image with a customized
       user configuration

SYNOPSIS

       #include <sepol/sepol.h>

       int sepol_genusers(void *data, size_t len, const char *usersdir,
                          void **newdata, size_t *newlen);

       void sepol_set_delusers(int on);

DESCRIPTION

       sepol_genusers generates a new binary policy image from an existing
       binary policy image stored in the memory region described by the
       starting address data and the length len and a pair of user
       configuration files named system.users and local.users from the
       directory specified by usersdir.  The resulting binary policy is
       placed into dynamically allocated memory and the variables newdata
       and newlen are set to refer to the new binary image's starting
       address and length.  The original binary policy image is not

       By default, sepol_genusers will preserve user entries that are
       defined in the original binary policy image but not defined in the
       user configuration files.  If such user entries should instead be
       omitted entirely from the new binary policy image, then the
       sepol_set_delusers function may be called with on set to 1 prior to
       calling sepol_genusers in order to enable deletion of such users.

RETURN VALUE

       Returns 0 on success or -1 otherwise, with errno set appropriately.
       An errno of ENOENT indicates that one or both of the user
       configuration files did not exist.  An errno of EINVAL indicates that
       either the original binary policy image or the generated one was
       invalid.  An errno of ENOMEM indicates that insufficient memory was
       available to process the original binary policy image or to generate
       the new policy image.  Invalid entries in the user configuration
       files are skipped with a warning.
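
       The calling convention and errno cases above, as an added example
       (not part of the original manual page or of libsepol).  regen_users,
       genusers_fn, fake_genusers and the "missing"/"corrupt" directory
       names are hypothetical; with libsepol installed, pass sepol_genusers
       itself as gen and link with -lsepol.  Treating ENOENT as "keep the
       original image" and releasing the new image with free() are
       assumptions of the example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Same shape as sepol_genusers(); newdata is the address of a void * that
 * receives the new image (assumption about how the out-parameter is passed). */
typedef int (*genusers_fn)(void *data, size_t len, const char *usersdir,
                           void **newdata, size_t *newlen);

enum regen { REGEN_OK, REGEN_KEEP_ORIGINAL, REGEN_FATAL };
/* Hypothetical helper. On REGEN_OK, *img and *len describe the new image (freed
 * by the caller, assumed malloc-backed); otherwise they still name the original. */
enum regen regen_users(genusers_fn gen, const char *usersdir, void **img, size_t *len)
{
    void *newdata = NULL;
    size_t newlen = 0;
    errno = 0;
    if (gen(*img, *len, usersdir, &newdata, &newlen) == 0) {
        if (newdata == NULL || newlen == 0)
            return REGEN_FATAL;        /* "success" without an image: refuse it */
        *img = newdata; *len = newlen;
        return REGEN_OK;
    }
    if (errno == ENOENT)               /* system.users and/or local.users missing */
        return REGEN_KEEP_ORIGINAL;    /* this example's choice: use image as-is */
    perror("sepol_genusers");          /* EINVAL, ENOMEM or anything else */
    return REGEN_FATAL;
}

/* Constructed stand-in so the block runs without libsepol: copies the image, or
 * fails with the errno selected by the (made-up) usersdir value. */
int fake_genusers(void *data, size_t len, const char *usersdir,
                  void **newdata, size_t *newlen)
{
    if (strcmp(usersdir, "missing") == 0) { errno = ENOENT; return -1; }
    if (strcmp(usersdir, "corrupt") == 0) { errno = EINVAL; return -1; }
    if ((*newdata = malloc(len)) == NULL) { errno = ENOMEM; return -1; }
    memcpy(*newdata, data, len);
    *newlen = len;
    return 0;
}

int main(void)
{
    char policy[] = "constructed-image";   /* constructed bytes, not a real policy */
    void *img = policy;
    size_t len = sizeof policy;
    return regen_users(fake_genusers, "missing", &img, &len) != REGEN_KEEP_ORIGINAL;
}
```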

COLOPHON

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨⟩.  If you
       have a bug report for this manual page, see
       ⟨⟩.  This
       page was obtained from the project's upstream Git repository
       ⟨⟩ on 2018-04-30.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2018-04-26.)  If you discover any rendering problems in
       this HTML version of the page, or you believe there is a better or
       more up-to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not part
       of the original manual page), send a mail to

                              15 March 2005              sepol_genusers(3)