| selinux_file_context_verify(3) - phpMan
selinux_file_context_verify(3) Library Functions Manual selinux_file_context_verify(3)
NAME
selinux_file_context_verify - Compare the SELinux security context on disk to the default
security context required by the policy file contexts file
SYNOPSIS
#include <selinux/selinux.h>
int selinux_file_context_verify(const char *path, mode_t mode);
DESCRIPTION
selinux_file_context_verify() compares the context of the specified path that is held on
disk (in the extended attribute), to the system default entry held in the file contexts
series of files.
The mode may be zero.
Note that the two contexts are compared for "significant" differences (i.e. the user com‐
ponent of the contexts are ignored) as shown in the EXAMPLE section.
RETURN VALUE
If the contexts significantly match, 1 (one) is returned.
If the contexts do not match 0 (zero) is returned and errno is set to either ENOENT or
EINVAL for the reasons listed in the ERRORS section, or if errno = 0 then the contexts did
not match.
On failure -1 is returned and errno set appropriately.
ERRORS
ENOTSUP
if extended attributes are not supported by the file system.
ENOENT if there is no entry in the file contexts series of files or path does not exist.
EINVAL if the entry in the file contexts series of files or path are invalid, or the
returned context fails validation.
ENOMEM if attempt to allocate memory failed.
FILES
The following configuration files (the file contexts series of files) supporting the
active policy will be used (should they exist) to determine the path default context:
contexts/files/file_contexts - This file must exist.
contexts/files/file_contexts.local - If exists has local customizations.
contexts/files/file_contexts.homedirs - If exists has users home directory cus‐
tomizations.
contexts/files/file_contexts.subs - If exists has substitutions that are then
applied to the 'in memory' version of the file contexts files.
EXAMPLE
If the files context is:
unconfined_u:object_r:admin_home_t:s0
and the default context defined in the file contexts file is:
system_u:object_r:admin_home_t:s0
then the actual strings compared are:
:object_r:admin_home_t:s0 and :object_r:admin_home_t:s0
Therefore they will match and selinux_file_context_verify() will return 1.
SEE ALSO
selinux(8)
SELinux API documentation 08 March 2011 selinux_file_context_verify(3)
|