1selabel_x(5)               SELinux API documentation              selabel_x(5)
2
3
4

NAME

6       selabel_x  - userspace SELinux labeling interface: X Window System con‐
7       texts backend.
8

SYNOPSIS

10       #include <selinux/selinux.h>
11
12       #include <selinux/label.h>
13
14       int selabel_lookup(struct selabel_handle *hnd,
15                          security_context_t *context,
16
17                          const char *object_name, int object_type);
18
19

DESCRIPTION

21       The X contexts backend maps from X  Window  System  object  names  into
22       security  contexts.   It  is used to find the appropriate context for X
23       Window System objects whose significance  and/or  usage  semantics  are
24       determined  primarily  by name.  This backend is also used to determine
25       the default context for labeling remotely connected X clients.
26
27       The object_type argument should be set to one of the following values:
28
29       SELABEL_X_PROP
30              The object_name argument specifies the name of  a  window  prop‐
31              erty, such as "WM_NAME".
32
33       SELABEL_X_SELN
34              The object_name argument specifies the name of a selection, such
35              as "PRIMARY".
36
37       SELABEL_X_EXT
38              The object_name argument specifies the name of a protocol exten‐
39              sion, such as "RENDER".
40
41       SELABEL_X_EVENT
42              The  object_name  argument  specifies the name of an event type,
43              such as "X11:ButtonPress".
44
45       SELABEL_X_CLIENT
46              The object_name argument is ignored and should be set  to  NULL.
47              The default context for labeling remote X clients is returned.
48
49       SELABEL_X_POLYPROP
50              Like  SELABEL_X_PROP,  but  checks if the property was marked as
51              being polyinstantiated.  See NOTES below.
52
53       SELABEL_X_POLYSELN
54              Like SELABEL_X_SELN, but checks if the selection was  marked  as
55              being polyinstantiated.  See NOTES below.
56
57

OPTIONS

59       In  addition  to  the global options described in selabel_open(3), this
60       backend recognizes the following options:
61
62
63       SELABEL_OPT_PATH
64              A non-null value for this option specifies a path to a file that
65              will be opened in lieu of the standard X contexts file.
66
67

NOTES

69       Properties and selections are marked as either polyinstantiated or not.
70       For these name types, the "POLY" option searches only the names  marked
71       as  being  polyinstantiated,  while  the other option searches only the
72       names marked as not being polyinstantiated.   Users  of  the  interface
73       should  check  both  mappings,  optionally  taking  action based on the
74       result (e.g. polyinstantiating the object).
75
76

SEE ALSO

78       selabel_open(3), selabel_lookup(3), selabel_stats(3), selinux(8)
79
80
81
82
83                                  18 Jun 2007                     selabel_x(5)
Impressum