1getfscreatecon(3)         SE Linux API documentation         getfscreatecon(3)
2
3
4

NAME

6       getfscreatecon,  setfscreatecon  - get or set the SELinux security con‐
7       text used for creating a new file system object.
8
9

SYNOPSIS

11       #include <selinux/selinux.h>
12
13       int getfscreatecon(security_context_t *con);
14
15       int setfscreatecon(security_context_t context);
16
17

DESCRIPTION

19       getfscreatecon retrieves the context used for creating a new file  sys‐
20       tem object.  This returned context should be freed with freecon if non-
21       NULL.  getfscreatecon sets *con to NULL if no fscreate context has been
22       explicitly set by the program (i.e. using the default policy behavior).
23
24       setfscreatecon  sets  the  context  used for creating a new file system
25       object.  NULL can be passed to setfscreatecon to reset to  the  default
26       policy behavior.  The fscreate context is automatically reset after the
27       next execve, so a program doesn't need to explicitly sanitize  it  upon
28       startup.
29
30       setfscreatecon  can  be  applied prior to library functions that inter‐
31       nally perform an file creation, in order to set an file context on  the
32       objects.
33
34
35       Note:  Signal  handlers  that  perform an setfscreate must take care to
36       save, reset, and restore  the  fscreate  context  to  avoid  unexpected
37       behaviors.
38

RETURN VALUE

40       On error -1 is returned.  On success 0 is returned.
41
42

SEE ALSO

44       selinux(8), freecon(3), getcon(3), getexeccon(3)
45
46
47
48russell@coker.com.au            1 January 2004               getfscreatecon(3)