1getfilecon(3) SELinux API documentation getfilecon(3)
2
6 getfilecon, fgetfilecon, lgetfilecon - get SELinux security context of
7 a file
8
10 #include <selinux/selinux.h>
11 int getfilecon(const char *path, char **con);
13 int getfilecon_raw(const char *path, char **con);
15 int lgetfilecon(const char *path, char **con);
17 int lgetfilecon_raw(const char *path, char **con);
19 int fgetfilecon(int fd, char **con);
21 int fgetfilecon_raw(int fd, char **con);
23
25 getfilecon() retrieves the context associated with the given path in
26 the file system, the length of the context is returned. The context
27 should not be used in selinux_access_check as this function can return
28 a cached value, which is not suitable for access checking. It should
29 only be used to print translated value to the user.
30 lgetfilecon() is identical to getfilecon(), except in the case of a
32 symbolic link, where the link itself is interrogated, not the file that
33 it refers to.
34 fgetfilecon() is identical to getfilecon(), only the open file pointed
36 to by filedes (as returned by open(2)) is interrogated in place of
37 path.
38 getfilecon_raw(), lgetfilecon_raw() and fgetfilecon_raw() behave iden‐
40 tically to their non-raw counterparts but do not perform context trans‐
41 lation.
42 The returned context should be freed with freecon(3) if non-NULL.
44
46 On success, a positive number is returned indicating the size of the
47 extended attribute value. On failure, -1 is returned and errno is set
48 appropriately.
49 If the context does not exist, or the process has no access to this
51 attribute, errno is set to ENODATA.
52 If extended attributes are not supported by the filesystem, or are dis‐
54 abled, errno is set to ENOTSUP.
55 The errors documented for the stat(2) system call are also applicable
57 here.
58
60 selinux(8), freecon(3), setfilecon(3), setfscreatecon(3)
61russell@coker.com.au 1 January 2004 getfilecon(3)