1setfilecon(3) SELinux API documentation setfilecon(3)
2
3
4
6 setfilecon, fsetfilecon, lsetfilecon - set SELinux security context of
7 a file
8
10 #include <selinux/selinux.h>
11
12 int setfilecon(const char *path, const char *con);
13
14 int setfilecon_raw(const char *path, const char *con);
15
16 int lsetfilecon(const char *path, const char *con);
17
18 int lsetfilecon_raw(const char *path, const char *con);
19
20 int fsetfilecon(int fd, const char *con);
21
22 int fsetfilecon_raw(int fd, const char *con);
23
25 setfilecon() sets the security context of the file system object.
26
27 lsetfilecon() is identical to setfilecon, except in the case of a sym‐
28 bolic link, where the link itself has it's context set, not the file
29 that it refers to.
30
31 fsetfilecon() is identical to setfilecon, only the open file pointed to
32 by filedes (as returned by open(2)) has it's context set in place of
33 path. Since libselinux 3.4 a file opened via O_PATH is supported.
34
35 setfilecon_raw(), lsetfilecon_raw(), and fsetfilecon_raw() behave iden‐
36 tically to their non-raw counterparts but do not perform context trans‐
37 lation.
38
40 On success, zero is returned. On failure, -1 is returned and errno is
41 set appropriately.
42
44 If there is insufficient space remaining to store the extended attri‐
45 bute, errno is set to either ENOSPC, or EDQUOT if quota enforcement was
46 the cause.
47
48 If extended attributes are not supported by the filesystem, or are dis‐
49 abled, errno is set to ENOTSUP.
50
51 The errors documented for the stat(2) system call are also applicable
52 here.
53
55 selinux(3), freecon(3), getfilecon(3), setfscreatecon(3)
56
57
58
59russell@coker.com.au 1 January 2004 setfilecon(3)