1selabel_media(5)           SELinux API documentation          selabel_media(5)
2
3
4

NAME

6       selabel_media  - userspace SELinux labeling interface and configuration
7       file format for the media contexts backend
8

SYNOPSIS

10       #include <selinux/label.h>
11
12       int selabel_lookup(struct selabel_handle *hnd,
13                          char **context,
14                          const char *device_name, int unused);
15
16       int selabel_lookup_raw(struct selabel_handle *hnd,
17                          char **context,
18                          const char *device_name, int unused);
19

DESCRIPTION

21       The media contexts backend maps from media device names such as "cdrom"
22       or  "floppy" into security contexts. It is used to find the appropriate
23       context for establishing context mounts on these devices. The  returned
24       context must be freed using freecon(3).
25       selabel_lookup(3)  describes  the  function  with  its return and error
26       codes.
27
28       The integer lookup argument is currently unused and should  be  set  to
29       zero.
30
31       Any  messages  generated  by  selabel_lookup(3)  are  sent to stderr by
32       default, although this can be changed by selinux_set_callback(3).
33
34       selabel_lookup_raw(3) behaves identically to selabel_lookup(3) but does
35       not perform context translation.
36
37       The FILES section details the configuration files used to determine the
38       media context.
39

OPTIONS

41       In addition to the global options described  in  selabel_open(3),  this
42       backend recognizes the following options:
43
44       SELABEL_OPT_PATH
45              A non-null value for this option specifies a path to a file that
46              will be opened in lieu of the standard media contexts file.
47

FILES

49       The media context file used to retrieve a default  context  depends  on
50       the SELABEL_OPT_PATH parameter passed to selabel_open(3). If NULL, then
51       the SELABEL_OPT_PATH value will default to the active policy media con‐
52       texts  location  (as returned by selinux_media_context_path(3)), other‐
53       wise the actual SELABEL_OPT_PATH value specified is used.
54
55       The default media contexts file is:
56              /etc/selinux/{SELINUXTYPE}/contexts/files/media
57
58       Where {SELINUXTYPE} is the entry from the  selinux  configuration  file
59       config (see selinux_config(5)).
60

FILE FORMAT

62       Each line within the media file is as follows:
63              device_name context
64
65       Where:
66              device_name
67                     The media identifier (e.g. cdrom, floppy, disk and usb).
68              context
69                     The context to be used for labeling the device.
70
71       Example:
72              # contexts/files/media
73              cdrom system_u:object_r:removable_device_t
74              floppy system_u:object_r:removable_device_t
75              disk system_u:object_r:fixed_disk_device_t
76

NOTES

78       If  contexts  are  to  be  validated,  then  the  global  option  SELA‐
79       BEL_OPT_VALIDATE must be set before calling selabel_open(3). If this is
80       not set, then it is possible for an invalid context to be returned.
81

SEE ALSO

83       selinux(8), selabel_open(3), selabel_lookup(3), selabel_stats(3),
84       selabel_close(3), selinux_set_callback(3),
85       selinux_media_context_path(3), freecon(3), selinux_config(5)
86
87
88
89Security Enhanced Linux           29 Nov 2011                 selabel_media(5)
Impressum