Man Linux: Main Page and Category List

NAME

       getfscreatecon,  setfscreatecon  -  get  or  set  the  SELinux security
       context used for creating a new file system object.

SYNOPSIS

       #include <selinux/selinux.h>

       int getfscreatecon(security_context_t *con);

       int setfscreatecon(security_context_t context);

DESCRIPTION

       getfscreatecon retrieves the context  used  for  creating  a  new  file
       system  object.   This returned context should be freed with freecon if
       non-NULL.  getfscreatecon sets *con to NULL if no fscreate context  has
       been  explicitly  set  by  the  program  (i.e. using the default policy
       behavior).

       setfscreatecon sets the context used for creating  a  new  file  system
       object.   NULL  can be passed to setfscreatecon to reset to the default
       policy behavior.  The fscreate context is automatically reset after the
       next  execve,  so a program doesn’t need to explicitly sanitize it upon
       startup.

       setfscreatecon  can  be  applied  prior  to  library   functions   that
       internally perform an file creation, in order to set an file context on
       the objects.

       Note: Signal handlers that perform an setfscreate  must  take  care  to
       save,  reset,  and  restore  the  fscreate  context to avoid unexpected
       behavior.

RETURN VALUE

       On error -1 is returned.  On success 0 is returned.

SEE ALSO

       selinux(8), freecon(3), getcon(3), getexeccon(3)