selabel_open(3) - Man pages

dwww Home | Manual pages | Find package
selabel_open(3)            SELinux API documentation           selabel_open(3)

NAME
       selabel_open, selabel_close - userspace SELinux labeling interface

SYNOPSIS
       #include <selinux/selinux.h>
       #include <selinux/label.h>

       struct selabel_handle *selabel_open(unsigned int backend,
                                           const struct selinux_opt *options,
                                           unsigned nopt);

       void selabel_close(struct selabel_handle *hnd);

DESCRIPTION
       selabel_open()  is  used to initialize a labeling handle to be used for
       lookup operations.  The backend argument specifies which backend is  to
       be opened; the list of current backends appears in BACKENDS below.

       The  options  argument  should  be  NULL  or  a  pointer to an array of
       selinux_opt structures of length nopt:

              struct selinux_opt {
                  int         type;
                  const char  *value;
              };

       The available option types are described in  GLOBAL  OPTIONS  below  as
       well  as  in the documentation for each individual backend.  The return
       value on success is a non-NULL value for use in subsequent label opera-
       tions.

       selabel_close()  terminates  use  of a handle, freeing any internal re-
       sources associated with it.  After this call has been made, the  handle
       must not be used again.

GLOBAL OPTIONS
       Global  options  which may be passed to selabel_open() include the fol-
       lowing:

       SELABEL_OPT_UNUSED
              The option with a type code of zero is a no-op.  Thus  an  array
              of  options  may  be initizalized to zero and any untouched ele-
              ments will not cause an error.

       SELABEL_OPT_VALIDATE
              A non-null value for this option enables context validation.  By
              default,  security_check_context(3) is used; a custom validation
              function can be provided via selinux_set_callback(3).  Note that
              an  invalid  context may not be treated as an error unless it is
              actually encountered during a lookup operation.

       SELABEL_OPT_DIGEST
              A non-null value for this option enables the  generation  of  an
              SHA1 digest of the spec files loaded as described in selabel_di-
              gest(3)

BACKENDS
       SELABEL_CTX_FILE
              File contexts backend, described in selabel_file(5).

       SELABEL_CTX_MEDIA
              Media contexts backend, described in selabel_media(5).

       SELABEL_CTX_X
              X Windows contexts backend, described in selabel_x(5).

       SELABEL_CTX_DB
              Database objects contexts backend, described in selabel_db(5).

RETURN VALUE
       A non-NULL handle value is returned on success.  On error, NULL is  re-
       turned and errno is set appropriately.

AUTHOR
       Eamon Walsh <ewalsh@tycho.nsa.gov>

SEE ALSO
       selabel_lookup(3), selabel_stats(3), selinux_set_callback(3),
       selinux(8)

                                  18 Jun 2007                  selabel_open(3)
Generated by dwww version 1.15 on Sat Jun 29 11:45:40 CEST 2024.