selabel_lookup_best_match() performs a best match lookup operation on
the handle hnd, returning the result in the memory pointed to by
context, which must be freed by the caller using freecon(3). The key
parameter is a file path to check for best match using zero or more
link (aliases) parameters. The order of precedence for best match is:
1. An exact match for the real path (key) or
2. An exact match for any of the links (aliases), or
3. The longest fixed prefix match.
The type parameter is an optional file mode argument that should be
set to the mode bits of the file, as determined by lstat(2). mode
may be zero, however full matching may not occur.
selabel_lookup_best_match_raw() behaves identically to
selabel_lookup_best_match() but does not perform context translation.
ENOENT No context corresponding to the input key and type was found.
EINVAL The key and/or type inputs are invalid, or the context being
returned failed validation.
ENOMEM An attempt to allocate memory failed.
Example usage - When a service creates a device node, it may also
create one or more symlinks to the device node. These symlinks may
be the only stable name for the device, e.g. if the partition is
dynamically assigned. The file label backend supports this by
looking up the "best match" for a device node based on its real path
(key) and any links to it (aliases). The order of precedence for best
match is described above.
This page is part of the selinux (Security-Enhanced Linux user-space
libraries and tools) project. Information about the project can be
found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you
have a bug report for this manual page, see
page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2017-03-13. If you
discover any rendering problems in this HTML version of the page, or
you believe there is a better or more up-to-date source for the page,
or you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
Security Enhanced Linux 05 May 2015 selabel_lookup_best_match(3)