NAME
matchpathcon, matchpathcon_index - get the default SELinux security context for
the specified path from the file contexts configuration
SYNOPSIS
#include <selinux/selinux.h>
int matchpathcon_init(const char *path);
int matchpathcon_init_prefix(const char *path, const char *subset);
int matchpathcon_fini(void);
int matchpathcon(const char *path, mode_t mode, char **con);
int matchpathcon_index(const char *name, mode_t mode, char **con);
DESCRIPTION
matchpathcon_init() loads the file contexts configuration specified by path into memory for use by subsequent matchpathcon() calls. If path is NULL, then the active file contexts configuration is loaded by default, i.e. the path returned by selinux_file_context_path(3). Unless the MATCHPATHCON_BASEONLY flag has been set via set_matchpathcon_flags(3), files with the same path prefix but a .homedirs and .local suffix are also looked up and loaded if present. These files provide dynamically generated entries for user home directories and for local customizations.
matchpathcon_init_prefix() is the same as matchpathcon_init() but only loads entries with regular expressions that have stems prefixed by the prefix given in the second argument (named subset in the synopsis above).
matchpathcon_fini() frees the memory allocated by a prior call to matchpathcon_init(). This function can be used to free and reset the internal state between multiple matchpathcon_init() calls, or to free memory when finished using matchpathcon().
matchpathcon() matches the specified pathname and mode against the file contexts configuration and sets the security context con to refer to the resulting context. The caller must free the returned security context con using freecon(3) when finished using it. mode can be 0 to disable mode matching, but should be provided whenever possible, as it may affect the matching. Only the file format bits (i.e. the file type) of the mode are used. If matchpathcon_init() has not already been called, then this function will call it upon its first invocation with a NULL path, defaulting to the active file contexts configuration.
matchpathcon_index() is the same as matchpathcon() but returns a specification index that can later be used in a matchpathcon_filespec_add(3) call.
RETURN VALUE
Returns zero on success or -1 otherwise.
SEE ALSO
selinux(8), set_matchpathcon_flags(3), set_matchpathcon_invalidcon(3), set_matchpathcon_printf(3), matchpathcon_filespec_add(3), matchpathcon_checkmatches(3), freecon(3), setfilecon(3), setfscreatecon(3)