Scroll to navigation

getfilecon(3) SELinux API documentation getfilecon(3)

NAME

getfilecon, fgetfilecon, lgetfilecon - get SELinux security context of a file

SYNOPSIS

#include <selinux/selinux.h>

int getfilecon(const char *path, char **con);

int getfilecon_raw(const char *path, char **con);

int lgetfilecon(const char *path, char **con);

int lgetfilecon_raw(const char *path, char **con);

int fgetfilecon(int fd, char **con);

int fgetfilecon_raw(int fd, char **con);

DESCRIPTION

getfilecon() retrieves the context associated with the given path in the file system, the length of the context is returned. The context should not be used in selinux_access_check as this function can return a cached value, which is not suitable for access checking. It should only be used to print translated value to the user.

lgetfilecon() is identical to getfilecon(), except in the case of a symbolic link, where the link itself is interrogated, not the file that it refers to.

fgetfilecon() is identical to getfilecon(), only the open file pointed to by filedes (as returned by open(2)) is interrogated in place of path.

getfilecon_raw(), lgetfilecon_raw() and fgetfilecon_raw() behave identically to their non-raw counterparts but do not perform context translation.

The returned context should be freed with freecon(3) if non-NULL.

RETURN VALUE

On success, a positive number is returned indicating the size of the extended attribute value. On failure, -1 is returned and errno is set appropriately.

If the context does not exist, or the process has no access to this attribute, errno is set to ENODATA.

If extended attributes are not supported by the filesystem, or are disabled, errno is set to ENOTSUP.

The errors documented for the stat(2) system call are also applicable here.

SEE ALSO

selinux(8), freecon(3), setfilecon(3), setfscreatecon(3)

1 January 2004 russell@coker.com.au