selinux_restorecon_xattr(3)    SELinux API documentation    selinux_restorecon_xattr(3)

NAME

       selinux_restorecon_xattr - manage default security.restorecon_last
       extended attribute entries added by selinux_restorecon(3), setfiles(8)
       or restorecon(8).

SYNOPSIS

       #include <selinux/restorecon.h>

       int selinux_restorecon_xattr(const char *pathname,
                                    unsigned int xattr_flags,
                                    struct dir_xattr ***xattr_list);

DESCRIPTION

       selinux_restorecon_xattr() returns a linked list of dir_xattr
       structures containing information described below based on:

              pathname containing a directory tree to be searched for
              security.restorecon_last extended attribute entries.

              xattr_flags contains options as follows:

                     SELINUX_RESTORECON_XATTR_RECURSE recursively descend
                     directories.

                     SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS delete
                     non-matching digests from each directory in pathname.

                     SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS delete all
                     digests from each directory in pathname.

                     SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS do not read
                     /proc/mounts to obtain a list of non-seclabel mounts to
                     be excluded from the search.
                     Setting SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS is useful
                     where a non-seclabel filesystem is mounted with a
                     seclabel filesystem mounted on a directory below it.

              xattr_list is the returned pointer to a linked list of dir_xattr
              structures, each containing the following information:

                     struct dir_xattr {
                         char *directory;
                         char *digest;    /* Printable hex encoded string */
                         enum digest_result result;
                         struct dir_xattr *next;
                     };

              The result entry is enumerated as follows:

                     enum digest_result {
                         MATCH = 0,
                         NOMATCH,
                         DELETED_MATCH,
                         DELETED_NOMATCH,
                         ERROR
                     };

              xattr_list must be set to NULL before calling
              selinux_restorecon_xattr(3). The caller is responsible for
              freeing the returned xattr_list entries in the linked list.

       See the NOTES section for more information.
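
       The calling convention described above (a NULL-initialised list
       pointer passed by address, entries freed by the caller), as an added
       example that is not taken from the libselinux sources. audit_digests,
       scan_fn and fake_scan are hypothetical names; the struct and enum are
       copied from this page so the block compiles without libselinux, and it
       assumes that each entry and its two strings are heap-allocated.

```c
#include <stdlib.h>
#include <string.h>
/* Copied from the page; real programs get these from <selinux/restorecon.h>. */
enum digest_result { MATCH = 0, NOMATCH, DELETED_MATCH, DELETED_NOMATCH, ERROR };
struct dir_xattr {
    char *directory;
    char *digest;                 /* printable hex encoded string */
    enum digest_result result;
    struct dir_xattr *next;
};
/* Same signature as selinux_restorecon_xattr(), so it can be passed as scan. */
typedef int (*scan_fn)(const char *, unsigned int, struct dir_xattr ***);

/* Hypothetical helper: run scan, tally results into counts[] (indexed by
 * enum digest_result), free every entry, return what scan returned. */
int audit_digests(scan_fn scan, const char *path, unsigned int flags,
                  unsigned int counts[5])
{
    struct dir_xattr **list = NULL;   /* must be NULL before the call */
    memset(counts, 0, 5 * sizeof counts[0]);
    int rc = scan(path, flags, &list);
    for (struct dir_xattr *cur = list ? *list : NULL, *next; cur; cur = next) {
        next = cur->next;             /* read before the node is freed */
        if ((unsigned int)cur->result <= ERROR)
            counts[cur->result]++;
        free(cur->directory);         /* assumption: nodes and strings */
        free(cur->digest);            /* are heap-allocated */
        free(cur);
    }
    if (list)
        *list = NULL;                 /* leave no dangling head pointer */
    return rc;
}

/* Constructed stand-in for the library call so the example runs offline. */
static struct dir_xattr *fake_head;
int fake_scan(const char *path, unsigned int flags, struct dir_xattr ***out)
{
    static const enum digest_result r[] = { MATCH, NOMATCH, MATCH };
    (void)path; (void)flags;
    for (int i = 0; i < 3; i++) {
        struct dir_xattr *n = calloc(1, sizeof *n);
        if (!n)
            return -1;
        n->result = r[i];             /* directory and digest stay NULL */
        n->next = fake_head;
        fake_head = n;
    }
    *out = &fake_head;
    return 0;
}
```

       In a program that includes <selinux/restorecon.h> and links against
       libselinux, drop the copied definitions and the stand-in, and pass
       selinux_restorecon_xattr as scan.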

RETURN VALUE

       On success, zero is returned. On error, -1 is returned and errno is
       set appropriately.

NOTES

       1.  By default selinux_restorecon_xattr(3) will use the default set of
           specfiles described in file_contexts(5) to calculate the initial
           SHA1 digest to be used for comparison. To change this default
           behavior selabel_open(3) must be called specifying the required
           SELABEL_OPT_PATH and setting the SELABEL_OPT_DIGEST option to a
           non-NULL value. selinux_restorecon_set_sehandle(3) is then called
           to set the handle to be used by selinux_restorecon_xattr(3).

       2.  By default selinux_restorecon_xattr(3) reads /proc/mounts to obtain
           a list of non-seclabel mounts to be excluded from searches unless
           the SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS flag has been set.

       3.  RAMFS and TMPFS filesystems do not support the
           security.restorecon_last extended attribute and are automatically
           excluded from searches.

       4.  By default stderr is used to log output messages and errors. This
           may be changed by calling selinux_set_callback(3) with the
           SELINUX_CB_LOG type option.

SEE ALSO

       selinux_restorecon(3),
       selinux_restorecon_set_sehandle(3),
       selinux_restorecon_default_handle(3),
       selinux_restorecon_set_exclude_list(3),
       selinux_restorecon_set_alt_rootpath(3),
       selinux_set_callback(3)

                                 30 July 2016      selinux_restorecon_xattr(3)