This directory contains simple example programs for invoking the 
new system calls that we've added thus far to Linux.  We have also
modified a number of utilities (in ../utils) to use some of these
new system calls.

The `../libsecure' directory contains the library wrappers
for the new system calls, with the corresponding
prototypes in the header files in the `../include' directory.

The `man' subdirectory contains manual pages for some of these calls
and programs.  The other subdirectories are for the simple programs.

The `avc_toggle' program may be used to toggle a flag
used by the access vector cache to determine whether
it should enforce permissions or just audit them for
development purposes.  This is only supported if
CONFIG_FLASK_DEVELOP was enabled in the kernel options.

The `call_security' program is a simple menu-driven program that permits
you to invoke any of the system calls for interacting with the security
server component of the kernel.  Additionally, each of the security
server system calls has a separate program for using it directly from
the command line, i.e. the `compute_av', `context_to_sid', `list_sids',
`load_policy', `member_sid', `notify_perm', `sid_to_context', 
and `transition_sid' programs.

A simple program is provided for each of the new process system calls.
The `execve_secure' program may be used to execute a program under a
different SID.  The `getsecsid' program may be used to obtain the SID
and security context of the current process.  The `getosecsid' program 
is intended to show the getosecsid system call, which returns the old 
SID (prior to the last execve).  However, since running the getosecsid 
program itself causes an execve, this isn't very effective.  You can see 
it work correctly by running it via execve_secure, in which case it does 
report the old SID prior to the execve.  The utils directory contains a
modified id program and a new runas program that also use the new 
process system calls.

A simple program is provided for each of the new file system calls,
i.e. open_secure, mkdir_secure, stat_secure, lstat_secure, fstat_secure,
statfs_secure, fstatfs_secure, chsid, fchsid, chsidfs, fchsidfs.
Simple variations of these programs that use security contexts rather
than SIDs are `chcontext' and `scontext'.  The utils directory contains
modifications to ps, ls, stat, find, mkdir, mknod, install, and tar that use
the new file system calls.

The *_client and *_server programs may be used to demonstrate the
new socket system calls.  A client program and a server program are
provided for TCP sockets, UDP sockets, Unix stream sockets, and Unix
datagram sockets.
