1selabel_open(3)            SELinux API documentation           selabel_open(3)
2
3
4

NAME

6       selabel_open, selabel_close - userspace SELinux labeling interface.
7

SYNOPSIS

9       #include <selinux/selinux.h>
10
11       #include <selinux/label.h>
12
13       struct selabel_handle *selabel_open(int backend,
14                                           struct selinux_opt *options,
15
16                                           unsigned nopt);
17
18       void selabel_close(struct selabel_handle *hnd);
19
20

DESCRIPTION

22       selabel_open  is  used  to  initialize a labeling handle to be used for
23       lookup operations.  The backend argument specifies which backend is  to
24       be opened; the list of current backends appears in BACKENDS below.
25
26       The  options  argument  should  be  NULL  or  a  pointer to an array of
27       selinux_opt structures of length nopt:
28
29              struct selinux_opt {
30                  int         type;
31                  const char  *value;
32              };
33
34       The available option types are described in  GLOBAL  OPTIONS  below  as
35       well  as  in the documentation for each individual backend.  The return
36       value on success is a non-NULL value for use in subsequent label opera‐
37       tions.
38
39       selabel_close   terminates  use  of  a  handle,  freeing  any  internal
40       resources associated with it.  After this call has been made, the  han‐
41       dle must not be used again.
42
43

GLOBAL OPTIONS

45       Global  options which may be passed to selabel_open include the follow‐
46       ing:
47
48
49       SELABEL_OPT_UNUSED
50              The option with a type code of zero is a no-op.  Thus  an  array
51              of  options  may  be initizalized to zero and any untouched ele‐
52              ments will not cause an error.
53
54       SELABEL_OPT_VALIDATE
55              A non-null value for this option enables context validation.  By
56              default,  security_check_context(3) is used; a custom validation
57              function can be provided via selinux_set_callback(3).  Note that
58              an  invalid  context may not be treated as an error unless it is
59              actually encountered during a lookup operation.
60
61

BACKENDS

63       SELABEL_CTX_FILE
64              File contexts backend, described in selabel_file(5).
65
66       SELABEL_CTX_MEDIA
67              Media contexts backend, described in selabel_media(5).
68
69       SELABEL_CTX_X
70              X Windows contexts backend, described in selabel_x(5).
71
72       SELABEL_CTX_DB
73              Database objects contexts backend, described in selabel_db(5).
74
75

RETURN VALUE

77       A non-NULL handle value is returned on  success.   On  error,  NULL  is
78       returned and errno is set appropriately.
79
80

AUTHOR

82       Eamon Walsh <ewalsh@tycho.nsa.gov>
83
84

SEE ALSO

86       selabel_lookup(3),      selabel_stats(3),      selinux_set_callback(3),
87       selinux(8)
88
89
90
91
92                                  18 Jun 2007                  selabel_open(3)
Impressum