selinux_file_context_verify(3)  Library Functions Manual  selinux_file_context_verify(3)

NAME

       selinux_file_context_verify - Compare the SELinux security context on
       disk to the default security context required by the policy file
       contexts file

SYNOPSIS

       #include <selinux/selinux.h>

       int selinux_file_context_verify(const char *path, mode_t mode);

DESCRIPTION

       selinux_file_context_verify() compares the context of the specified
       path that is held on disk (in the extended attribute) to the system
       default entry held in the file contexts series of files.

       The mode may be zero.

       Note that the two contexts are compared for "significant" differences
       (i.e. the user component of the contexts is ignored), as shown in the
       EXAMPLE section.

RETURN VALUE

       If the contexts significantly match, 1 (one) is returned.

       If the contexts do not match, 0 (zero) is returned and errno is set to
       either ENOENT or EINVAL for the reasons listed in the ERRORS section;
       if errno is 0, the contexts did not match.

       On failure, -1 is returned and errno is set appropriately.

ERRORS

       ENOTSUP
              if extended attributes are not supported by the file system.

       ENOENT if there is no entry in the file contexts series of files or
              path does not exist.

       EINVAL if the entry in the file contexts series of files or path is
              invalid, or the returned context fails validation.

       ENOMEM if an attempt to allocate memory failed.

FILES

       The following configuration files (the file contexts series of files)
       supporting the active policy will be used (should they exist) to
       determine the path default context:

              contexts/files/file_contexts - This file must exist.

              contexts/files/file_contexts.local - If it exists, it holds
              local customizations.

              contexts/files/file_contexts.homedirs - If it exists, it holds
              users' home directory customizations.

              contexts/files/file_contexts.subs - If it exists, it holds
              substitutions that are then applied to the 'in memory' version
              of the file contexts files.

EXAMPLE

       If the file's context is:
              unconfined_u:object_r:admin_home_t:s0

       and the default context defined in the file contexts file is:
              system_u:object_r:admin_home_t:s0

       then the actual strings compared are:
              :object_r:admin_home_t:s0 and :object_r:admin_home_t:s0

       Therefore they will match and selinux_file_context_verify() will return
       1.
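       The following is an added example, not part of the original manual
       page and not libselinux code. It maps the return value and errno
       pairs from RETURN VALUE onto distinct outcomes and illustrates the
       "significant" comparison from EXAMPLE. The names classify_verify(),
       contexts_significantly_match() and the enum are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Outcomes a caller can distinguish from the return value and errno. */
enum verify_outcome {
    VERIFY_MATCH,     /* rc == 1: contexts significantly match           */
    VERIFY_MISMATCH,  /* rc == 0, errno == 0: contexts did not match     */
    VERIFY_NO_ENTRY,  /* rc == 0, errno == ENOENT: no entry or no path   */
    VERIFY_INVALID,   /* rc == 0, errno == EINVAL: entry/path invalid    */
    VERIFY_ERROR      /* rc == -1, or any pairing the page does not list */
};

/* Map (rc, errno) from selinux_file_context_verify() to one outcome. */
enum verify_outcome classify_verify(int rc, int err)
{
    if (rc == 1)
        return VERIFY_MATCH;
    if (rc == 0) {
        if (err == 0)      return VERIFY_MISMATCH;
        if (err == ENOENT) return VERIFY_NO_ENTRY;
        if (err == EINVAL) return VERIFY_INVALID;
    }
    return VERIFY_ERROR;
}

/* Illustration of the "significant" comparison: skip the user component,
 * i.e. compare everything from the first ':' onward. */
static const char *significant_part(const char *ctx)
{
    const char *colon = strchr(ctx, ':');
    return colon ? colon : ctx;
}

int contexts_significantly_match(const char *on_disk, const char *dflt)
{
    return strcmp(significant_part(on_disk), significant_part(dflt)) == 0;
}

int main(void)
{
    /* With libselinux (assumed here, not linked) a caller would do:
     *   errno = 0; rc = selinux_file_context_verify(path, 0);
     *   outcome = classify_verify(rc, errno);                       */
    const char *disk = "unconfined_u:object_r:admin_home_t:s0"; /* EXAMPLE */
    const char *dflt = "system_u:object_r:admin_home_t:s0";     /* EXAMPLE */
    printf("match=%d\n", contexts_significantly_match(disk, dflt));
    printf("rc=0 errno=0 -> outcome %d\n", classify_verify(0, 0));
    return 0;
}
```

       A relabeling or audit tool should treat VERIFY_NO_ENTRY and
       VERIFY_INVALID differently from VERIFY_MISMATCH, since only the last
       one means that both contexts were compared and differ.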

SEE ALSO

       selinux(8)

SELinux API documentation        08 March 2011  selinux_file_context_verify(3)