NAME

       matchpathcon,  matchpathcon_index  -  get  the default SELinux security
       context for the specified path from the file contexts configuration.

SYNOPSIS

       #include <selinux/selinux.h>

       int matchpathcon_init(const char *path);

       int matchpathcon_init_prefix(const char *path, const char *subset);

       int matchpathcon_fini(void);

       int matchpathcon(const char *path, mode_t mode, security_context_t *con);

       int matchpathcon_index(const char *name, mode_t mode, security_context_t *con);

DESCRIPTION

       matchpathcon_init loads the file contexts  configuration  specified  by
       path  into memory for use by subsequent matchpathcon calls.  If path is
       NULL, then the active file contexts configuration is loaded by default,
       i.e. the path returned by selinux_file_context_path(3).  Unless the
       MATCHPATHCON_BASEONLY flag has been set via set_matchpathcon_flags(3),
       files with the same path prefix and a .homedirs or .local suffix are
       also looked up and loaded if present.  These files provide dynamically
       generated entries for user home directories and for local
       customizations.

       matchpathcon_init_prefix is the same as matchpathcon_init but only
       loads entries with regular expressions that have stems prefixed by
       the prefix given in subset.

       matchpathcon_fini frees  the  memory  allocated  by  a  prior  call  to
       matchpathcon_init.   This  function  can  be used to free and reset the
       internal state between multiple matchpathcon_init  calls,  or  to  free
       memory when finished using matchpathcon.

       matchpathcon  matches  the specified pathname and mode against the file
       contexts configuration and sets the security context con  to  refer  to
       the  resulting  context.  The  caller  must  free the returned security
       context con using freecon(3) when finished using it.  mode can be 0  to
       disable  mode matching, but should be provided whenever possible, as it
       may affect the matching.  Only the file  format  bits  (i.e.  the  file
       type)  of the mode are used.  If matchpathcon_init has not already been
       called, then this function will call it upon its first invocation  with
       a NULL path, defaulting to the active file contexts configuration.

       matchpathcon_index   is   the   same  as  matchpathcon  but  returns  a
       specification    index    that    can    later    be    used    in    a
       matchpathcon_filespec_add(3) call.

RETURN VALUE

       Returns zero on success or -1 otherwise.

SEE ALSO

       selinux(8),  set_matchpathcon_flags(3), set_matchpathcon_invalidcon(3),
       set_matchpathcon_printf(3),               matchpathcon_filespec_add(3),
       matchpathcon_checkmatches(3),         freecon(3),        setfilecon(3),
       setfscreatecon(3)