1selabel_file(5) SELinux API documentation selabel_file(5)
2
6 selabel_file - userspace SELinux labeling interface: file contexts
7 backend.
8
10 #include <selinux/selinux.h>
11 #include <selinux/label.h>
13 int selabel_lookup(struct selabel_handle *hnd,
15 security_context_t *context,
16 const char *path, int mode);
18
21 The file contexts backend maps from pathname/mode combinations into
22 security contexts. It is used to find the appropriate context for each
23 file when relabeling a file system.
24 The path argument should be set to the full pathname of the file whose
26 assigned context is being checked. The mode argument should be set to
27 the mode bits of the file, as determined by lstat(2).
28
31 In addition to the global options described in selabel_open(3), this
32 backend recognizes the following options:
33 SELABEL_OPT_PATH
36 A non-null value for this option specifies a path to a file that
37 will be opened in lieu of the standard file contexts file. This
38 value is also used as the base name for determining the names of
39 local customization files.
40 SELABEL_OPT_BASEONLY
42 A non-null value for this option indicates that any local cus‐
43 tomizations to the file contexts mapping should be ignored.
44 SELABEL_OPT_SUBSET
46 A non-null value for this option is interpreted as a path pre‐
47 fix, for example "/etc". Only file context specifications
48 starting with the given prefix are loaded. This may increase
49 lookup performance, however any attempt to look up a path not
50 starting with the given prefix will fail.
51
54 selabel_open(3), selabel_lookup(3), selabel_stats(3), selinux(8)
55 18 Jun 2007 selabel_file(5)