1getsockcreatecon(3) SELinux API documentation getsockcreatecon(3)
2
3
4
6 getsockcreatecon, setsockcreatecon - get or set the SELinux security
7 context used for creating a new labeled sockets
8
10 #include <selinux/selinux.h>
11
12 int getsockcreatecon(char **con);
13
14 int getsockcreatecon_raw(char **con);
15
16 int setsockcreatecon(char * context);
17
18 int setsockcreatecon_raw(char * context);
19
21 getsockcreatecon() retrieves the context used for creating a new
22 labeled network socket. This returned context should be freed with
23 freecon(3) if non-NULL. getsockcreatecon() sets *con to NULL if no
24 sockcreate context has been explicitly set by the program (i.e. using
25 the default policy behavior).
26
27 setsockcreatecon() sets the context used for creating a new labeled
28 network sockets NULL can be passed to setsockcreatecon() to reset to
29 the default policy behavior. The sockcreate context is automatically
30 reset after the next execve(2), so a program doesn't need to explicitly
31 sanitize it upon startup.
32
33 setsockcreatecon() can be applied prior to library functions that
34 internally perform an file creation, in order to set an file context on
35 the objects.
36
37 getsockcreatecon_raw() and setsockcreatecon_raw() behave identically to
38 their non-raw counterparts but do not perform context translation.
39
40 Note: Signal handlers that perform a setsockcreatecon() must take care
41 to save, reset, and restore the sockcreate context to avoid unexpected
42 behavior.
43
44 Note: Contexts are thread specific.
45
46
48 On error -1 is returned. On success 0 is returned.
49
51 selinux(8), freecon(3), getcon(3)
52
53
54
55dwalsh@redhat.com 24 September 2008 getsockcreatecon(3)