Document SELinux support functions in Lisp manual.

* doc/lispref/backups.texi (Making Backups): Return value of backup-buffer is changed. * doc/lispref/files.texi (File Attributes): Document file-selinux-context. (Changing Files): Link to it. (Changing Files): Document set-file-selinux-context. * fileio.c (Ffile_selinux_context, Fset_file_selinux_context): Doc fix.
author: Chong Yidong 2012-02-25 17:07:23 +0800
committer: Chong Yidong 2012-02-25 17:07:23 +0800
commit: fa74b241a324c5c44c4223c2d1b4c2fcb605eb72 (patch)
tree: 64313858047c7834da491e0166cedc981ad8167c
parent: a3fcfa99f65c578d857ce0f6e8595f6a5ad77ec8 (diff)
download: emacs-fa74b241a324c5c44c4223c2d1b4c2fcb605eb72.tar.gz
emacs-fa74b241a324c5c44c4223c2d1b4c2fcb605eb72.zip
5 files changed, 75 insertions, 31 deletions
diff --git a/doc/lispref/ChangeLog b/doc/lispref/ChangeLog
index 089aa8ba096..30abe19d192 100644
--- a/doc/lispref/ChangeLog
+++ b/doc/lispref/ChangeLog
@@ -1,5 +1,12 @@
 2012-02-25  Chong Yidong  <cyd@gnu.org>
+        * files.texi (File Attributes): Document file-selinux-context.
+        (Changing Files): Link to it.
+        (Changing Files): Document set-file-selinux-context.
+        * backups.texi (Making Backups): Return value of backup-buffer is
+        changed.
        * searching.texi (Regexp Backslash): Add index entry (Bug#10869).
 2012-02-24  Glenn Morris  <rgm@gnu.org>
diff --git a/doc/lispref/backups.texi b/doc/lispref/backups.texi
index a4b3a0b9bef..de41efacdeb 100644
--- a/doc/lispref/backups.texi
+++ b/doc/lispref/backups.texi
@@ -57,12 +57,13 @@ buffer, if appropriate.  It is called by @code{save-buffer} before
 saving the buffer the first time.
 If a backup was made by renaming, the return value is a cons cell of
-the form (@var{modes} . @var{backupname}), where @var{modes} are the
+the form (@var{modes} @var{context} @var{backupname}), where
-mode bits of the original file, as returned by @code{file-modes}
+@var{modes} are the mode bits of the original file, as returned by
-(@pxref{File Attributes,, Other Information about Files}), and
+@code{file-modes} (@pxref{File Attributes,, Other Information about
-@var{backupname} is the name of the backup.  In all other cases, that
+Files}), @var{context} is a list describing the original file's
-is, if a backup was made by copying or if no backup was made, this
+SELinux context (@pxref{File Attributes}), and @var{backupname} is the
-function returns @code{nil}.
+name of the backup.  In all other cases, that is, if a backup was made
+by copying or if no backup was made, this function returns @code{nil}.
 @end defun
 @defvar buffer-backed-up
diff --git a/doc/lispref/files.texi b/doc/lispref/files.texi
index 69e0003a46b..39e6549f4b9 100644
--- a/doc/lispref/files.texi
+++ b/doc/lispref/files.texi
@@ -1129,6 +1129,18 @@ both others and group, and that the sticky bit is set.
 @xref{Changing Files}, for functions that change file permissions,
 such as @code{set-file-modes}.
+@cindex MS-DOS and file modes
+@cindex file modes and MS-DOS
+@strong{MS-DOS note:} On MS-DOS, there is no such thing as an
+``executable'' file mode bit.  So @code{file-modes} considers a file
+executable if its name ends in one of the standard executable
+extensions, such as @file{.com}, @file{.bat}, @file{.exe}, and some
+others.  Files that begin with the Unix-standard @samp{#!} signature,
+such as shell and Perl scripts, are also considered executable.
+Directories are also reported as executable, for compatibility with
+Unix.  These conventions are also followed by @code{file-attributes},
+below.
 @end defun
  If the @var{filename} argument to the next two functions is a
@@ -1304,16 +1316,26 @@ is on the file-system device whose number is 1014478468.
 @end table
 @end defun
-@cindex MS-DOS and file modes
+@cindex SELinux context
-@cindex file modes and MS-DOS
+  SELinux is a Linux kernel feature which provides more sophisticated
-  On MS-DOS, there is no such thing as an ``executable'' file mode bit.
+file access controls than ordinary ``Unix-style'' file permissions.
-So Emacs considers a file executable if its name ends in one of the
+If Emacs has been compiled with SELinux support on a system with
-standard executable extensions, such as @file{.com}, @file{.bat},
+SELinux enabled, you can use the function @code{file-selinux-context}
-@file{.exe}, and some others.  Files that begin with the Unix-standard
+to retrieve a file's SELinux security context.  For the function
-@samp{#!} signature, such as shell and Perl scripts, are also considered
+@code{set-file-selinux-context}, see @ref{Changing Files}.
-as executable files.  This is reflected in the values returned by
-@code{file-modes} and @code{file-attributes}.  Directories are also
+@defun file-selinux-context filename
-reported with executable bit set, for compatibility with Unix.
+This function returns the SELinux security context of the file
+@var{filename}.  This return value is a list of the form
+@code{(@var{user} @var{role} @var{type} @var{range})}, whose elements
+are the context's user, role, type, and range respectively, as Lisp
+strings.  See the SELinux documentation for details about what these
+actually mean.
+If the file does not exist or is inaccessible, or if the system does
+not support SELinux, or if Emacs was not compiled with SELinux
+support, then the return value is @code{(nil nil nil nil)}.
+@end defun
 @node Locating Files
 @subsection How to Locate Files in Standard Places
@@ -1528,15 +1550,9 @@ non-@code{nil}, we attempt to copy the user and group ownership of the
 file.  This works only on some operating systems, and only if you have
 the correct permissions to do so.
-@cindex SELinux
+If the optional argument @var{preserve-selinux} is non-@code{nil}, and
-If the optional argument @var{preserve-selinux} is non-@code{nil}, we
+Emacs has been compiled with SELinux support, this function attempts
-attempt to copy the SELinux@footnote{@samp{Security-Enhanced Linux}
+to copy the file's SELinux context (@pxref{File Attributes}).
-is a kernel feature that allows for finer access controls to be set on
-files, and a system security policy to define who can access what.
-The functions @code{file-selinux-context} and @code{set-file-selinux-context}
-get and set, respectively, the SELinux properties of a file.}
-context of the file.  For this to work, Emacs must have been built
-with libselinux support.
 @end deffn
 @deffn Command make-symbolic-link filename newname  &optional ok-if-exists
@@ -1667,6 +1683,16 @@ time and must be in the format returned by @code{current-time}
 (@pxref{Time of Day}).
 @end defun
+@defun set-file-selinux-context filename context
+This function sets the SELinux security context of the file
+@var{filename} to @var{context}.  @xref{File Attributes}, for a brief
+description of SELinux contexts.  The @var{context} argument should be
+a list @code{(@var{user} @var{role} @var{type} @var{range})}, like the
+return value of @code{file-selinux-context}.  The function does
+nothing if SELinux is disabled, or if Emacs was compiled without
+SELinux support.
+@end defun
 @node File Names
 @section File Names
 @cindex file names
diff --git a/src/ChangeLog b/src/ChangeLog
index 7b546244792..1566d6258af 100644
--- a/src/ChangeLog
+++ b/src/ChangeLog
@@ -1,5 +1,8 @@
 2012-02-25  Chong Yidong  <cyd@gnu.org>
+        * fileio.c (Ffile_selinux_context, Fset_file_selinux_context):
+        Doc fix.
        * xselect.c (Fx_selection_exists_p): Doc fix.
        (x_clipboard_manager_save_all): Print an informative message
        before saving to clipboard manager.
diff --git a/src/fileio.c b/src/fileio.c
index 839dc07b6ce..7efe919a9f0 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -2798,9 +2798,13 @@ See `file-symlink-p' to distinguish symlinks.  */)
 DEFUN ("file-selinux-context", Ffile_selinux_context,
       Sfile_selinux_context, 1, 1, 0,
-       doc: /* Return SELinux context of file named FILENAME,
+       doc: /* Return SELinux context of file named FILENAME.
-as a list ("user", "role", "type", "range"). Return (nil, nil, nil, nil)
+The return value is a list (USER ROLE TYPE RANGE), where the list
-if file does not exist, is not accessible, or SELinux is disabled */)
+elements are strings naming the user, role, type, and range of the
+file's SELinux security context.
+Return (nil nil nil nil) if the file is nonexistent or inaccessible,
+or if SELinux is disabled, or if Emacs lacks SELinux support.  */)
  (Lisp_Object filename)
 {
  Lisp_Object absname;
@@ -2853,9 +2857,12 @@ if file does not exist, is not accessible, or SELinux is disabled */)
 DEFUN ("set-file-selinux-context", Fset_file_selinux_context,
       Sset_file_selinux_context, 2, 2, 0,
-       doc: /* Set SELinux context of file named FILENAME to CONTEXT
+       doc: /* Set SELinux context of file named FILENAME to CONTEXT.
-as a list ("user", "role", "type", "range"). Has no effect if SELinux
+CONTEXT should be a list (USER ROLE TYPE RANGE), where the list
-is disabled. */)
+elements are strings naming the components of a SELinux context.
+This function does nothing if SELinux is disabled, or if Emacs was not
+compiled with SELinux support.  */)
  (Lisp_Object filename, Lisp_Object context)
 {
  Lisp_Object absname;
author	Chong Yidong	2012-02-25 17:07:23 +0800
committer	Chong Yidong	2012-02-25 17:07:23 +0800
commit	fa74b241a324c5c44c4223c2d1b4c2fcb605eb72 (patch)
tree	64313858047c7834da491e0166cedc981ad8167c
parent	a3fcfa99f65c578d857ce0f6e8595f6a5ad77ec8 (diff)
download	emacs-fa74b241a324c5c44c4223c2d1b4c2fcb605eb72.tar.gz emacs-fa74b241a324c5c44c4223c2d1b4c2fcb605eb72.zip

diff --git a/doc/lispref/ChangeLog b/doc/lispref/ChangeLog index 089aa8ba096..30abe19d192 100644 --- a/doc/lispref/ChangeLog +++ b/doc/lispref/ChangeLog
@@ -1,5 +1,12 @@
1	2012-02-25 Chong Yidong <cyd@gnu.org>	1	2012-02-25 Chong Yidong <cyd@gnu.org>
2		2
		3	* files.texi (File Attributes): Document file-selinux-context.
		4	(Changing Files): Link to it.
		5	(Changing Files): Document set-file-selinux-context.
		6
		7	* backups.texi (Making Backups): Return value of backup-buffer is
		8	changed.
		9
3	* searching.texi (Regexp Backslash): Add index entry (Bug#10869).	10	* searching.texi (Regexp Backslash): Add index entry (Bug#10869).
4		11
5	2012-02-24 Glenn Morris <rgm@gnu.org>	12	2012-02-24 Glenn Morris <rgm@gnu.org>


diff --git a/doc/lispref/backups.texi b/doc/lispref/backups.texi index a4b3a0b9bef..de41efacdeb 100644 --- a/doc/lispref/backups.texi +++ b/doc/lispref/backups.texi
@@ -57,12 +57,13 @@ buffer, if appropriate. It is called by @code{save-buffer} before
57	saving the buffer the first time.	57	saving the buffer the first time.
58		58
59	If a backup was made by renaming, the return value is a cons cell of	59	If a backup was made by renaming, the return value is a cons cell of
60	the form (@var{modes} . @var{backupname}), where @var{modes} are the	60	the form (@var{modes} @var{context} @var{backupname}), where
61	mode bits of the original file, as returned by @code{file-modes}	61	@var{modes} are the mode bits of the original file, as returned by
62	(@pxref{File Attributes,, Other Information about Files}), and	62	@code{file-modes} (@pxref{File Attributes,, Other Information about
63	@var{backupname} is the name of the backup. In all other cases, that	63	Files}), @var{context} is a list describing the original file's
64	is, if a backup was made by copying or if no backup was made, this	64	SELinux context (@pxref{File Attributes}), and @var{backupname} is the
65	function returns @code{nil}.	65	name of the backup. In all other cases, that is, if a backup was made
		66	by copying or if no backup was made, this function returns @code{nil}.
66	@end defun	67	@end defun
67		68
68	@defvar buffer-backed-up	69	@defvar buffer-backed-up


diff --git a/doc/lispref/files.texi b/doc/lispref/files.texi index 69e0003a46b..39e6549f4b9 100644 --- a/doc/lispref/files.texi +++ b/doc/lispref/files.texi
@@ -1129,6 +1129,18 @@ both others and group, and that the sticky bit is set.
1129		1129
1130	@xref{Changing Files}, for functions that change file permissions,	1130	@xref{Changing Files}, for functions that change file permissions,
1131	such as @code{set-file-modes}.	1131	such as @code{set-file-modes}.
		1132
		1133	@cindex MS-DOS and file modes
		1134	@cindex file modes and MS-DOS
		1135	@strong{MS-DOS note:} On MS-DOS, there is no such thing as an
		1136	``executable'' file mode bit. So @code{file-modes} considers a file
		1137	executable if its name ends in one of the standard executable
		1138	extensions, such as @file{.com}, @file{.bat}, @file{.exe}, and some
		1139	others. Files that begin with the Unix-standard @samp{#!} signature,
		1140	such as shell and Perl scripts, are also considered executable.
		1141	Directories are also reported as executable, for compatibility with
		1142	Unix. These conventions are also followed by @code{file-attributes},
		1143	below.
1132	@end defun	1144	@end defun
1133		1145
1134	If the @var{filename} argument to the next two functions is a	1146	If the @var{filename} argument to the next two functions is a
@@ -1304,16 +1316,26 @@ is on the file-system device whose number is 1014478468.
1304	@end table	1316	@end table
1305	@end defun	1317	@end defun
1306		1318
1307	@cindex MS-DOS and file modes	1319	@cindex SELinux context
1308	@cindex file modes and MS-DOS	1320	SELinux is a Linux kernel feature which provides more sophisticated
1309	On MS-DOS, there is no such thing as an ``executable'' file mode bit.	1321	file access controls than ordinary ``Unix-style'' file permissions.
1310	So Emacs considers a file executable if its name ends in one of the	1322	If Emacs has been compiled with SELinux support on a system with
1311	standard executable extensions, such as @file{.com}, @file{.bat},	1323	SELinux enabled, you can use the function @code{file-selinux-context}
1312	@file{.exe}, and some others. Files that begin with the Unix-standard	1324	to retrieve a file's SELinux security context. For the function
1313	@samp{#!} signature, such as shell and Perl scripts, are also considered	1325	@code{set-file-selinux-context}, see @ref{Changing Files}.
1314	as executable files. This is reflected in the values returned by	1326
1315	@code{file-modes} and @code{file-attributes}. Directories are also	1327	@defun file-selinux-context filename
1316	reported with executable bit set, for compatibility with Unix.	1328	This function returns the SELinux security context of the file
		1329	@var{filename}. This return value is a list of the form
		1330	@code{(@var{user} @var{role} @var{type} @var{range})}, whose elements
		1331	are the context's user, role, type, and range respectively, as Lisp
		1332	strings. See the SELinux documentation for details about what these
		1333	actually mean.
		1334
		1335	If the file does not exist or is inaccessible, or if the system does
		1336	not support SELinux, or if Emacs was not compiled with SELinux
		1337	support, then the return value is @code{(nil nil nil nil)}.
		1338	@end defun
1317		1339
1318	@node Locating Files	1340	@node Locating Files
1319	@subsection How to Locate Files in Standard Places	1341	@subsection How to Locate Files in Standard Places
@@ -1528,15 +1550,9 @@ non-@code{nil}, we attempt to copy the user and group ownership of the
1528	file. This works only on some operating systems, and only if you have	1550	file. This works only on some operating systems, and only if you have
1529	the correct permissions to do so.	1551	the correct permissions to do so.
1530		1552
1531	@cindex SELinux	1553	If the optional argument @var{preserve-selinux} is non-@code{nil}, and
1532	If the optional argument @var{preserve-selinux} is non-@code{nil}, we	1554	Emacs has been compiled with SELinux support, this function attempts
1533	attempt to copy the SELinux@footnote{@samp{Security-Enhanced Linux}	1555	to copy the file's SELinux context (@pxref{File Attributes}).
1534	is a kernel feature that allows for finer access controls to be set on
1535	files, and a system security policy to define who can access what.
1536	The functions @code{file-selinux-context} and @code{set-file-selinux-context}
1537	get and set, respectively, the SELinux properties of a file.}
1538	context of the file. For this to work, Emacs must have been built
1539	with libselinux support.
1540	@end deffn	1556	@end deffn
1541		1557
1542	@deffn Command make-symbolic-link filename newname &optional ok-if-exists	1558	@deffn Command make-symbolic-link filename newname &optional ok-if-exists
@@ -1667,6 +1683,16 @@ time and must be in the format returned by @code{current-time}
1667	(@pxref{Time of Day}).	1683	(@pxref{Time of Day}).
1668	@end defun	1684	@end defun
1669		1685
		1686	@defun set-file-selinux-context filename context
		1687	This function sets the SELinux security context of the file
		1688	@var{filename} to @var{context}. @xref{File Attributes}, for a brief
		1689	description of SELinux contexts. The @var{context} argument should be
		1690	a list @code{(@var{user} @var{role} @var{type} @var{range})}, like the
		1691	return value of @code{file-selinux-context}. The function does
		1692	nothing if SELinux is disabled, or if Emacs was compiled without
		1693	SELinux support.
		1694	@end defun
		1695
1670	@node File Names	1696	@node File Names
1671	@section File Names	1697	@section File Names
1672	@cindex file names	1698	@cindex file names


diff --git a/src/ChangeLog b/src/ChangeLog index 7b546244792..1566d6258af 100644 --- a/src/ChangeLog +++ b/src/ChangeLog
@@ -1,5 +1,8 @@
1	2012-02-25 Chong Yidong <cyd@gnu.org>	1	2012-02-25 Chong Yidong <cyd@gnu.org>
2		2
		3	* fileio.c (Ffile_selinux_context, Fset_file_selinux_context):
		4	Doc fix.
		5
3	* xselect.c (Fx_selection_exists_p): Doc fix.	6	* xselect.c (Fx_selection_exists_p): Doc fix.
4	(x_clipboard_manager_save_all): Print an informative message	7	(x_clipboard_manager_save_all): Print an informative message
5	before saving to clipboard manager.	8	before saving to clipboard manager.


diff --git a/src/fileio.c b/src/fileio.c index 839dc07b6ce..7efe919a9f0 100644 --- a/src/fileio.c +++ b/src/fileio.c
@@ -2798,9 +2798,13 @@ See `file-symlink-p' to distinguish symlinks. */)
2798		2798
2799	DEFUN ("file-selinux-context", Ffile_selinux_context,	2799	DEFUN ("file-selinux-context", Ffile_selinux_context,
2800	Sfile_selinux_context, 1, 1, 0,	2800	Sfile_selinux_context, 1, 1, 0,
2801	doc: /* Return SELinux context of file named FILENAME,	2801	doc: /* Return SELinux context of file named FILENAME.
2802	as a list ("user", "role", "type", "range"). Return (nil, nil, nil, nil)	2802	The return value is a list (USER ROLE TYPE RANGE), where the list
2803	if file does not exist, is not accessible, or SELinux is disabled */)	2803	elements are strings naming the user, role, type, and range of the
		2804	file's SELinux security context.
		2805
		2806	Return (nil nil nil nil) if the file is nonexistent or inaccessible,
		2807	or if SELinux is disabled, or if Emacs lacks SELinux support. */)
2804	(Lisp_Object filename)	2808	(Lisp_Object filename)
2805	{	2809	{
2806	Lisp_Object absname;	2810	Lisp_Object absname;
@@ -2853,9 +2857,12 @@ if file does not exist, is not accessible, or SELinux is disabled */)
2853		2857
2854	DEFUN ("set-file-selinux-context", Fset_file_selinux_context,	2858	DEFUN ("set-file-selinux-context", Fset_file_selinux_context,
2855	Sset_file_selinux_context, 2, 2, 0,	2859	Sset_file_selinux_context, 2, 2, 0,
2856	doc: /* Set SELinux context of file named FILENAME to CONTEXT	2860	doc: /* Set SELinux context of file named FILENAME to CONTEXT.
2857	as a list ("user", "role", "type", "range"). Has no effect if SELinux	2861	CONTEXT should be a list (USER ROLE TYPE RANGE), where the list
2858	is disabled. */)	2862	elements are strings naming the components of a SELinux context.
		2863
		2864	This function does nothing if SELinux is disabled, or if Emacs was not
		2865	compiled with SELinux support. */)
2859	(Lisp_Object filename, Lisp_Object context)	2866	(Lisp_Object filename, Lisp_Object context)
2860	{	2867	{
2861	Lisp_Object absname;	2868	Lisp_Object absname;