matchpathcon(3)            SELinux API documentation           matchpathcon(3)

NAME

       matchpathcon, matchpathcon_index - get the default SELinux security
       context for the specified path from the file contexts configuration.

SYNOPSIS

       #include <selinux/selinux.h>

       int matchpathcon_init(const char *path);

       int matchpathcon_init_prefix(const char *path, const char *subset);

       int matchpathcon_fini(void);

       int matchpathcon(const char *path, mode_t mode, security_context_t *con);

       int matchpathcon_index(const char *name, mode_t mode, security_context_t *con);

DESCRIPTION

       matchpathcon_init loads the file contexts configuration specified by
       path into memory for use by subsequent matchpathcon calls.  If path is
       NULL, then the active file contexts configuration is loaded by default,
       i.e. the path returned by selinux_file_context_path(3).  Unless the
       MATCHPATHCON_BASEONLY flag has been set via set_matchpathcon_flags(3),
       files with the same path prefix but a .homedirs or .local suffix are
       also looked up and loaded if present.  These files provide dynamically
       generated entries for user home directories and for local
       customizations.

       matchpathcon_init_prefix is the same as matchpathcon_init but only
       loads entries with regular expressions that have stems prefixed by
       prefix (the subset argument in the synopsis above).

       matchpathcon_fini frees the memory allocated by a prior call to
       matchpathcon_init.  This function can be used to free and reset the
       internal state between multiple matchpathcon_init calls, or to free
       memory when finished using matchpathcon.

       matchpathcon matches the specified pathname and mode against the file
       contexts configuration and sets the security context con to refer to
       the resulting context.  The caller must free the returned security
       context con using freecon(3) when finished using it.  mode can be 0 to
       disable mode matching, but should be provided whenever possible, as it
       may affect the matching.  Only the file format bits (i.e. the file
       type) of the mode are used.  If matchpathcon_init has not already been
       called, then this function will call it upon its first invocation with
       a NULL path, defaulting to the active file contexts configuration.

       matchpathcon_index is the same as matchpathcon but returns a
       specification index that can later be used in a
       matchpathcon_filespec_add(3) call.

RETURN VALUE

       Returns zero on success or -1 otherwise.
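
EXAMPLE

       An added example, not part of the original manual page or of
       libselinux: a check that compares a file's current label with the
       default that matchpathcon returns for its path and file type, and
       frees each context with freecon(3).  label_is_default is a
       hypothetical helper name; without -DUSE_LIBSELINUX the block uses
       constructed stand-ins with sample labels so the logic runs on a host
       that lacks libselinux.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#ifdef USE_LIBSELINUX   /* real build: cc -DUSE_LIBSELINUX check.c -lselinux */
#include <selinux/selinux.h>
#else
/* Constructed stand-ins (assumption: sample labels, not real policy) so the
 * check below runs on a host without libselinux. */
static int matchpathcon(const char *path, mode_t mode, char **con) {
    (void)path;
    *con = strdup((mode & S_IFMT) == S_IFDIR ? "system_u:object_r:demo_dir_t:s0"
                                             : "system_u:object_r:demo_file_t:s0");
    return *con ? 0 : -1;
}
static int lgetfilecon(const char *path, char **con) {
    (void)path;
    *con = strdup("system_u:object_r:demo_file_t:s0");
    return *con ? (int)strlen(*con) + 1 : -1;
}
static void freecon(char *con) { free(con); }
#endif

/* Returns 1 if current equals the file contexts default for path, 0 if the
 * file is mislabeled, -1 if the lookup failed. Only the file type bits matter. */
int label_is_default(const char *path, mode_t mode, const char *current) {
    char *expected = NULL;
    if (matchpathcon(path, mode & S_IFMT, &expected) != 0)
        return -1;
    int same = strcmp(expected, current) == 0;
    if (!same)
        fprintf(stderr, "%s: has %s, default is %s\n", path, current, expected);
    freecon(expected);              /* the caller owns the returned context */
    return same;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "/etc";
    struct stat st;
    char *current = NULL;
    if (lstat(path, &st) != 0 || lgetfilecon(path, &current) < 0) {
        perror(path);
        return 2;
    }
    int rc = label_is_default(path, st.st_mode, current);
    freecon(current);
    return rc == 1 ? 0 : 1;
}
```

       Current libselinux releases mark the matchpathcon family deprecated
       in favour of selabel_open(3) and selabel_lookup(3); the comparison
       logic is the same with either lookup.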

SEE ALSO

       selinux(8), set_matchpathcon_flags(3), set_matchpathcon_invalidcon(3),
       set_matchpathcon_printf(3), matchpathcon_filespec_add(3),
       matchpathcon_checkmatches(3), freecon(3), setfilecon(3), setfscreatecon(3)

sds@tycho.nsa.gov              21 November 2009                matchpathcon(3)