selabel_open(3)           SELinux API documentation          selabel_open(3)

NAME         top

       selabel_open, selabel_close - userspace SELinux labeling interface

SYNOPSIS         top

       #include <selinux/selinux.h>
       #include <selinux/label.h>

       struct selabel_handle *selabel_open(int backend,
                                           const struct selinux_opt
                                           unsigned nopt);

       void selabel_close(struct selabel_handle *hnd);

DESCRIPTION         top

       selabel_open() is used to initialize a labeling handle to be used for
       lookup operations.  The backend argument specifies which backend is
       to be opened; the list of current backends appears in BACKENDS below.

       The options argument should be NULL or a pointer to an array of
       selinux_opt structures of length nopt:

              struct selinux_opt {
                  int         type;
                  const char  *value;

       The available option types are described in GLOBAL OPTIONS below as
       well as in the documentation for each individual backend.  The return
       value on success is a non-NULL value for use in subsequent label

       selabel_close() terminates use of a handle, freeing any internal
       resources associated with it.  After this call has been made, the
       handle must not be used again.

GLOBAL OPTIONS         top

       Global options which may be passed to selabel_open() include the

              The option with a type code of zero is a no-op.  Thus an array
              of options may be initizalized to zero and any untouched
              elements will not cause an error.

              A non-null value for this option enables context validation.
              By default, security_check_context(3) is used; a custom
              validation function can be provided via
              selinux_set_callback(3).  Note that an invalid context may not
              be treated as an error unless it is actually encountered
              during a lookup operation.

              A non-null value for this option enables the generation of an
              SHA1 digest of the spec files loaded as described in

BACKENDS         top

              File contexts backend, described in selabel_file(5).

              Media contexts backend, described in selabel_media(5).

              X Windows contexts backend, described in selabel_x(5).

              Database objects contexts backend, described in selabel_db(5).

RETURN VALUE         top

       A non-NULL handle value is returned on success.  On error, NULL is
       returned and errno is set appropriately.

AUTHOR         top

       Eamon Walsh <>

SEE ALSO         top

       selabel_lookup(3), selabel_stats(3), selinux_set_callback(3),

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨⟩.  If you
       have a bug report for this manual page, see 
       ⟨⟩.  This
       page was obtained from the project's upstream Git repository 
       ⟨⟩ on 2017-03-13.  If you
       discover any rendering problems in this HTML version of the page, or
       you believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail

                                 18 Jun 2007                 selabel_open(3)