matchpathcon(3)            SELinux API documentation           matchpathcon(3)

NAME

       matchpathcon, matchpathcon_index - get the default SELinux security
       context for the specified path from the file contexts configuration

SYNOPSIS

       #include <selinux/selinux.h>

       int matchpathcon_init(const char *path);

       int matchpathcon_init_prefix(const char *path, const char *prefix);

       int matchpathcon_fini(void);

       int matchpathcon(const char *path, mode_t mode, char **con);

       int matchpathcon_index(const char *name, mode_t mode, char **con);

DESCRIPTION

       This family of functions is deprecated.  For new code, please use
       selabel_open(3) with the SELABEL_CTX_FILE backend in place of
       matchpathcon_init(), use selabel_close(3) in place of
       matchpathcon_fini(), and use selabel_lookup(3) in place of
       matchpathcon().

       The remaining description below is for the legacy interface.

       matchpathcon_init() loads the file contexts configuration specified by
       path into memory for use by subsequent matchpathcon() calls.  If path
       is NULL, then the active file contexts configuration is loaded by
       default, i.e. the path returned by selinux_file_context_path(3).
       Unless the MATCHPATHCON_BASEONLY flag has been set via
       set_matchpathcon_flags(3), files with the same path prefix but a
       .homedirs and .local suffix are also looked up and loaded if present.
       These files provide dynamically generated entries for user home
       directories and for local customizations.

       matchpathcon_init_prefix() is the same as matchpathcon_init() but only
       loads entries with regular expressions whose first pathname component
       is a prefix of prefix, e.g. pass "/dev" if you only intend to call
       matchpathcon() with pathnames beginning with /dev.  However, this
       optimization is no longer necessary due to the use of file_contexts.bin
       files with precompiled regular expressions, so use of this interface is
       deprecated.

       matchpathcon_fini() frees the memory allocated by a prior call to
       matchpathcon_init().  This function can be used to free and reset the
       internal state between multiple matchpathcon_init() calls, or to free
       memory when finished using matchpathcon().

       matchpathcon() matches the specified pathname, after transformation via
       realpath(3) excepting any final symbolic link component if S_IFLNK was
       specified as the mode, and mode against the file contexts configuration
       and sets the security context con to refer to the resulting context.
       The caller must free the returned security context con using freecon(3)
       when finished using it.  mode can be 0 to disable mode matching, but
       should be provided whenever possible, as it may affect the matching.
       Only the file format bits (i.e. the file type) of the mode are used.
       If matchpathcon_init() has not already been called, then this function
       will call it upon its first invocation with a NULL path, defaulting to
       the active file contexts configuration.

       matchpathcon_index() is the same as matchpathcon() but returns a
       specification index that can later be used in a
       matchpathcon_filespec_add(3) call.

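
       The path handling described for matchpathcon() above, as an added
       example that is not libselinux code: with S_IFLNK only the directory
       part goes through realpath(3), so the lookup is keyed on the link
       itself rather than on its target.  lookup_path(), make_sample_tree()
       and the tree under /tmp are hypothetical names constructed for this
       illustration.

```c
#define _XOPEN_SOURCE 700 /* realpath(), mkdtemp(), symlinkat() */
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not a libselinux function: the pathname a lookup is
 * keyed on under the rule described above. Returns 0 on success, -1 on error. */
int lookup_path(const char *path, mode_t mode, char out[PATH_MAX])
{
    char dir[PATH_MAX], resolved[PATH_MAX];
    const char *slash = strrchr(path, '/');
    const char *last = slash ? slash + 1 : path;
    if ((mode & S_IFMT) != S_IFLNK)   /* only the file type bits are used */
        return realpath(path, out) ? 0 : -1;
    if (*last == '\0' || strlen(path) >= PATH_MAX)
        return -1;                    /* no final component, or too long */
    /* S_IFLNK: resolve the directory part, keep the final component as is. */
    if (!slash) strcpy(dir, ".");
    else snprintf(dir, sizeof dir, "%.*s", slash == path ? 1 : (int)(slash - path), path);
    if (!realpath(dir, resolved)) return -1;
    int n = snprintf(out, PATH_MAX, "%s/%s", strcmp(resolved, "/") ? resolved : "", last);
    return (n < 0 || n >= PATH_MAX) ? -1 : 0;
}

/* Constructed sample tree: real/target/ (dir), real/link -> target, alias -> real. */
int make_sample_tree(char root[PATH_MAX])
{
    strcpy(root, "/tmp/mpc-demo-XXXXXX");
    int d = mkdtemp(root) ? open(root, O_RDONLY | O_DIRECTORY) : -1;
    if (d < 0) return -1;
    int rc = mkdirat(d, "real", 0700) || mkdirat(d, "real/target", 0700) ||
             symlinkat("real", d, "alias") || symlinkat("target", d, "real/link");
    close(d);
    return rc ? -1 : 0;
}

int main(void)
{
    char root[PATH_MAX], p[PATH_MAX + 16], out[PATH_MAX];
    if (make_sample_tree(root)) return 1;
    snprintf(p, sizeof p, "%s/alias/link", root);
    if (!lookup_path(p, S_IFLNK, out)) printf("S_IFLNK -> %s\n", out);
    if (!lookup_path(p, S_IFDIR, out)) printf("S_IFDIR -> %s\n", out);
    return 0;
}
```

       A relabelling tool that passes the mode it obtained from lstat(2)
       therefore looks up the context for the object it is about to label,
       not for whatever a final symbolic link points at.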

RETURN VALUE

       Returns zero on success or -1 otherwise.

SEE ALSO

       selinux(8), set_matchpathcon_flags(3), set_matchpathcon_invalidcon(3),
       set_matchpathcon_printf(3), matchpathcon_filespec_add(3),
       matchpathcon_checkmatches(3), freecon(3), setfilecon(3),
       setfscreatecon(3)

sds@tycho.nsa.gov              21 November 2009                matchpathcon(3)