1getkeycreatecon(3)         SELinux API documentation        getkeycreatecon(3)
2
3
4

NAME

6       getkeycreatecon, setkeycreatecon - get or set the SELinux security con‐
7       text used for creating a new kernel keyrings
8

SYNOPSIS

10       #include <selinux/selinux.h>
11
12       int getkeycreatecon(char **con);
13
14       int getkeycreatecon_raw(char **con);
15
16       int setkeycreatecon(char *context);
17
18       int setkeycreatecon_raw(char *context);
19

DESCRIPTION

21       getkeycreatecon() retrieves the context used for creating a new  kernel
22       keyring.  This returned context should be freed with freecon(3) if non-
23       NULL.  getkeycreatecon() sets *con to NULL if no keycreate context  has
24       been  explicitly  set  by  the  program  (i.e. using the default policy
25       behavior).
26
27       setkeycreatecon() sets the context  used  for  creating  a  new  kernel
28       keyring.   NULL  can  be  passed  to  setkeycreatecon() to reset to the
29       default policy behavior.  The keycreate context is automatically  reset
30       after the next execve(2), so a program doesn't need to explicitly sani‐
31       tize it upon startup.
32
33       setkeycreatecon() can be applied prior to library functions that inter‐
34       nally  perform an file creation, in order to set an file context on the
35       objects.
36
37       getkeycreatecon_raw() and setkeycreatecon_raw() behave  identically  to
38       their non-raw counterparts but do not perform context translation.
39
40       Note:  Signal  handlers that perform a setkeycreatecon() must take care
41       to save, reset, and restore the keycreate context to  avoid  unexpected
42       behavior.
43
44       Note: Contexts are thread specific.
45

RETURN VALUE

47       On error -1 is returned.  On success 0 is returned.
48

SEE ALSO

50       selinux(8), freecon(3), getcon(3), getexeccon(3)
51
52
53
54dwalsh@redhat.com              9 September 2008             getkeycreatecon(3)
Impressum