Scroll to navigation

selabel_file(5) SELinux API documentation selabel_file(5)

NAME

selabel_file - userspace SELinux labeling interface: file contexts backend.

SYNOPSIS

#include <selinux/selinux.h>

#include <selinux/label.h>

int selabel_lookup(struct selabel_handle *hnd,
security_context_t *context,

const char *path, int mode);

DESCRIPTION

The file contexts backend maps from pathname/mode combinations into security contexts. It is used to find the appropriate context for each file when relabeling a file system.

The path argument should be set to the full pathname of the file whose assigned context is being checked. The mode argument should be set to the mode bits of the file, as determined by lstat(2).

OPTIONS

In addition to the global options described in selabel_open(3), this backend recognizes the following options:

A non-null value for this option specifies a path to a file that will be opened in lieu of the standard file contexts file. This value is also used as the base name for determining the names of local customization files.
A non-null value for this option indicates that any local customizations to the file contexts mapping should be ignored.
A non-null value for this option is interpreted as a path prefix, for example "/etc". Only file context specifications starting with the given prefix are loaded. This may increase lookup performance, however any attempt to look up a path not starting with the given prefix will fail.

SEE ALSO

selabel_open(3), selabel_lookup(3), selabel_stats(3), selinux(8)

18 Jun 2007