1getsockcreatecon(3)        SELinux API documentation       getsockcreatecon(3)
2
3
4

NAME

6       getsockcreatecon,  setsockcreatecon  -  get or set the SELinux security
7       context used for creating a new labeled sockets
8

SYNOPSIS

10       #include <selinux/selinux.h>
11
12       int getsockcreatecon(char **con);
13
14       int getsockcreatecon_raw(char **con);
15
16       int setsockcreatecon(char * context);
17
18       int setsockcreatecon_raw(char * context);
19

DESCRIPTION

21       getsockcreatecon() retrieves  the  context  used  for  creating  a  new
22       labeled  network  socket.   This  returned context should be freed with
23       freecon(3) if non-NULL.  getsockcreatecon() sets *con  to  NULL  if  no
24       sockcreate  context  has been explicitly set by the program (i.e. using
25       the default policy behavior).
26
27       setsockcreatecon() sets the context used for  creating  a  new  labeled
28       network  sockets  NULL  can be passed to setsockcreatecon() to reset to
29       the default policy behavior.  The sockcreate context  is  automatically
30       reset after the next execve(2), so a program doesn't need to explicitly
31       sanitize it upon startup.
32
33       setsockcreatecon() can be  applied  prior  to  library  functions  that
34       internally perform an file creation, in order to set an file context on
35       the objects.
36
37       getsockcreatecon_raw() and setsockcreatecon_raw() behave identically to
38       their non-raw counterparts but do not perform context translation.
39
40       Note:  Signal handlers that perform a setsockcreatecon() must take care
41       to save, reset, and restore the sockcreate context to avoid  unexpected
42       behavior.
43
44       Note: Contexts are thread specific.
45
46

RETURN VALUE

48       On error -1 is returned.  On success 0 is returned.
49

SEE ALSO

51       selinux(8), freecon(3), getcon(3)
52
53
54
55dwalsh@redhat.com              24 September 2008           getsockcreatecon(3)