:: RootR ::  Hosting Order Map Login   Secure Inter-Network Operations  
 
selinux_file_context_verify(3) - phpMan

Command: man perldoc info search(apropos)  


selinux_file_context_verify(3)       Library Functions Manual      selinux_file_context_verify(3)



NAME
       selinux_file_context_verify  - Compare the SELinux security context on disk to the default
       security context required by the policy file contexts file

SYNOPSIS
       #include <selinux/selinux.h>

       int selinux_file_context_verify(const char *path, mode_t mode);

DESCRIPTION
       selinux_file_context_verify() compares the context of the specified path that is  held  on
       disk  (in  the  extended attribute), to the system default entry held in the file contexts
       series of files.

       The mode may be zero.

       Note that the two contexts are compared for "significant" differences (i.e. the user  com‐
       ponent of the contexts are ignored) as shown in the EXAMPLE section.

RETURN VALUE
       If the contexts significantly match, 1 (one) is returned.

       If  the  contexts  do  not match 0 (zero) is returned and errno is set to either ENOENT or
       EINVAL for the reasons listed in the ERRORS section, or if errno = 0 then the contexts did
       not match.

       On failure -1 is returned and errno set appropriately.

ERRORS
       ENOTSUP
              if extended attributes are not supported by the file system.

       ENOENT if there is no entry in the file contexts series of files or path does not exist.

       EINVAL if  the  entry  in  the  file  contexts series of files or path are invalid, or the
              returned context fails validation.

       ENOMEM if attempt to allocate memory failed.

FILES
       The following configuration files (the file  contexts  series  of  files)  supporting  the
       active policy will be used (should they exist) to determine the path default context:

              contexts/files/file_contexts - This file must exist.

              contexts/files/file_contexts.local - If exists has local customizations.

              contexts/files/file_contexts.homedirs  -  If  exists  has users home directory cus‐
              tomizations.

              contexts/files/file_contexts.subs - If  exists  has  substitutions  that  are  then
              applied to the 'in memory' version of the file contexts files.

EXAMPLE
       If the files context is:
              unconfined_u:object_r:admin_home_t:s0

       and the default context defined in the file contexts file is:
              system_u:object_r:admin_home_t:s0

       then the actual strings compared are:
              :object_r:admin_home_t:s0 and :object_r:admin_home_t:s0

       Therefore they will match and selinux_file_context_verify() will return 1.

SEE ALSO
       selinux(8)



SELinux API documentation                 08 March 2011            selinux_file_context_verify(3)


/man
rootr.net - man pages