matchpathcon(3) SELinux API documentation matchpathcon(3)
NAME
matchpathcon, matchpathcon_index - get the default SELinux security
context for the specified path from the file contexts configuration
SYNOPSIS
#include <selinux/selinux.h>
int matchpathcon_init(const char *path);
int matchpathcon_init_prefix(const char *path, const char *prefix);
int matchpathcon_fini(void);
int matchpathcon(const char *path, mode_t mode, char **con);
int matchpathcon_index(const char *name, mode_t mode, char **con);
DESCRIPTION
This family of functions is deprecated. For new code, please use sela-
bel_open(3) with the SELABEL_CTX_FILE backend in place of matchpath-
con_init(), use selabel_close(3) in place of matchpathcon_fini(), and
use selabel_lookup(3) in place of matchpathcon().
The remaining description below is for the legacy interface.
matchpathcon_init() loads the file contexts configuration specified by
path into memory for use by subsequent matchpathcon() calls. If path
is NULL, then the active file contexts configuration is loaded by de-
fault, i.e. the path returned by selinux_file_context_path(3). Unless
the MATCHPATHCON_BASEONLY flag has been set via
set_matchpathcon_flags(3), files with the same path prefix but a
.homedirs and .local suffix are also looked up and loaded if present.
These files provide dynamically generated entries for user home direc-
tories and for local customizations.
matchpathcon_init_prefix() is the same as matchpathcon_init() but only
loads entries with regular expressions whose first pathname component
is a prefix of prefix , e.g. pass "/dev" if you only intend to call
matchpathcon() with pathnames beginning with /dev. However, this opti-
mization is no longer necessary due to the use of file_contexts.bin
files with precompiled regular expressions, so use of this interface is
deprecated.
matchpathcon_fini() frees the memory allocated by a prior call to
matchpathcon_init.() This function can be used to free and reset the
internal state between multiple matchpathcon_init() calls, or to free
memory when finished using matchpathcon().
matchpathcon() matches the specified pathname, after transformation via
realpath(3) excepting any final symbolic link component if S_IFLNK was
specified as the mode, and mode against the file contexts configuration
and sets the security context con to refer to the resulting context.
The caller must free the returned security context con using freecon(3)
when finished using it. mode can be 0 to disable mode matching, but
should be provided whenever possible, as it may affect the matching.
Only the file format bits (i.e. the file type) of the mode are used.
If matchpathcon_init() has not already been called, then this function
will call it upon its first invocation with a NULL path, defaulting to
the active file contexts configuration.
matchpathcon_index() is the same as matchpathcon() but returns a speci-
fication index that can later be used in a matchpathcon_filespec_add(3)
call.
RETURN VALUE
Returns zero on success or -1 otherwise.
SEE ALSO
selinux(8), set_matchpathcon_flags(3), set_matchpathcon_invalidcon(3),
set_matchpathcon_printf(3), matchpathcon_filespec_add(3),
matchpathcon_checkmatches(3), freecon(3), setfilecon(3),
setfscreatecon(3)
sds@tycho.nsa.gov 21 November 2009 matchpathcon(3)
Generated by dwww version 1.15 on Wed Jun 26 18:13:37 CEST 2024.