1selabel_open(3)            SELinux API documentation           selabel_open(3)
2
3
4

NAME

6       selabel_open, selabel_close - userspace SELinux labeling interface
7

SYNOPSIS

9       #include <selinux/selinux.h>
10       #include <selinux/label.h>
11
12       struct selabel_handle *selabel_open(unsigned int backend,
13                                           const struct selinux_opt *options,
14                                           unsigned nopt);
15
16       void selabel_close(struct selabel_handle *hnd);
17

DESCRIPTION

19       selabel_open()  is  used to initialize a labeling handle to be used for
20       lookup operations.  The backend argument specifies which backend is  to
21       be opened; the list of current backends appears in BACKENDS below.
22
23       The  options  argument  should  be  NULL  or  a  pointer to an array of
24       selinux_opt structures of length nopt:
25
26              struct selinux_opt {
27                  int         type;
28                  const char  *value;
29              };
30
31       The available option types are described in  GLOBAL  OPTIONS  below  as
32       well  as  in the documentation for each individual backend.  The return
33       value on success is a non-NULL value for use in subsequent label opera‐
34       tions.
35
36       selabel_close()  terminates  use  of a handle, freeing any internal re‐
37       sources associated with it.  After this call has been made, the  handle
38       must not be used again.
39

GLOBAL OPTIONS

41       Global  options  which may be passed to selabel_open() include the fol‐
42       lowing:
43
44       SELABEL_OPT_UNUSED
45              The option with a type code of zero is a no-op.  Thus  an  array
46              of  options  may  be initizalized to zero and any untouched ele‐
47              ments will not cause an error.
48
49       SELABEL_OPT_VALIDATE
50              A non-null value for this option enables context validation.  By
51              default,  security_check_context(3) is used; a custom validation
52              function can be provided via selinux_set_callback(3).  Note that
53              an  invalid  context may not be treated as an error unless it is
54              actually encountered during a lookup operation.
55
56       SELABEL_OPT_DIGEST
57              A non-null value for this option enables the  generation  of  an
58              SHA256  digest  of  the  spec files loaded as described in sela‐
59              bel_digest(3)
60

BACKENDS

62       SELABEL_CTX_FILE
63              File contexts backend, described in selabel_file(5).
64
65       SELABEL_CTX_MEDIA
66              Media contexts backend, described in selabel_media(5).
67
68       SELABEL_CTX_X
69              X Windows contexts backend, described in selabel_x(5).
70
71       SELABEL_CTX_DB
72              Database objects contexts backend, described in selabel_db(5).
73

RETURN VALUE

75       A non-NULL handle value is returned on success.  On error, NULL is  re‐
76       turned and errno is set appropriately.
77

AUTHOR

79       Eamon Walsh <ewalsh@tycho.nsa.gov>
80

SEE ALSO

82       selabel_lookup(3), selabel_stats(3), selinux_set_callback(3),
83       selinux(8)
84
85
86
87                                  18 Jun 2007                  selabel_open(3)
Impressum