
NAME

       getsockcreatecon,  setsockcreatecon  -  get or set the SELinux security
       context used for creating new labeled sockets.

SYNOPSIS

       #include <selinux/selinux.h>

       int getsockcreatecon(security_context_t *con);

       int setsockcreatecon(security_context_t context);

DESCRIPTION

       getsockcreatecon retrieves the context used for creating a new  labeled
       network  socket.  This returned context should be freed with freecon if
       non-NULL.  getsockcreatecon sets *con to NULL if no sockcreate  context
       has  been  explicitly set by the program (i.e. using the default policy
       behavior).

       setsockcreatecon sets the  context  used  for  creating  new  labeled
       network sockets.  NULL can be passed to setsockcreatecon to reset to the
       default policy behavior.  The sockcreate context is automatically reset
       after the next execve, so a program doesn't need to explicitly sanitize
       it upon startup.

       setsockcreatecon  can  be  applied  prior  to  library  functions  that
       internally perform a file creation, in order to set a file context  on
       the objects.

       Note: Signal handlers that perform a setsockcreatecon must take care to
       save,  reset,  and  restore  the sockcreate context to avoid unexpected
       behavior.
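
       The save, set and restore sequence from the Note, applied around a
       single socket() call. This is an added example, not part of the
       original man page. labeled_socket, dup_or_null and USE_LIBSELINUX are
       names chosen here, and the #else branch holds constructed in-memory
       stand-ins for the three libselinux calls.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifdef USE_LIBSELINUX            /* real build: cc -DUSE_LIBSELINUX ... -lselinux */
#include <selinux/selinux.h>
#else
/* Constructed in-memory stand-ins with the SYNOPSIS signatures, so the
 * example also builds and runs on a machine without libselinux. */
typedef char *security_context_t;
static char *sockcreate_attr;    /* NULL = default policy behavior */
static char *dup_or_null(const char *s) {
    char *d = s ? malloc(strlen(s) + 1) : NULL;
    return d ? strcpy(d, s) : NULL;
}
static int getsockcreatecon(security_context_t *con) {
    *con = dup_or_null(sockcreate_attr);
    return 0;
}
static int setsockcreatecon(security_context_t context) {
    free(sockcreate_attr);
    sockcreate_attr = dup_or_null(context);
    return 0;
}
static void freecon(security_context_t con) { free(con); }
#endif

/* Create one socket labeled `label`, then put back whatever sockcreate
 * context was in force before (hypothetical helper). Returns fd or -1. */
int labeled_socket(security_context_t label, int domain, int type) {
    security_context_t saved = NULL;
    int fd;
    if (getsockcreatecon(&saved) < 0)        /* save */
        return -1;
    if (setsockcreatecon(label) < 0) {       /* set */
        if (saved) freecon(saved);
        return -1;
    }
    fd = socket(domain, type, 0);
    /* restore even if socket() failed; saved == NULL resets to the default */
    if (setsockcreatecon(saved) < 0 && fd >= 0) {
        close(fd);                           /* restore failed: report it */
        fd = -1;
    }
    if (saved) freecon(saved);               /* freecon only if non-NULL */
    return fd;
}
```

       Restoring the saved value rather than unconditionally passing NULL
       keeps a context set by an outer caller intact.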

RETURN VALUE

       On error -1 is returned.  On success 0 is returned.

SEE ALSO

       selinux(8), freecon(3), getcon(3)

dwalsh@redhat.com from russell@24kSeptember 2008           getsockcreatecon(3)