selinux_file_context_verify() compares the context of the specified
path that is held on disk (in the extended attribute), to the system
default entry held in the file contexts series of files.
The mode may be zero.
Note that the two contexts are compared for "significant" differences
(i.e. the user component of the contexts are ignored) as shown in the
If the contexts significantly match, 1 (one) is returned.
If the contexts do not match 0 (zero) is returned and errno is set to
either ENOENT or EINVAL for the reasons listed in the ERRORS section,
or if errno = 0 then the contexts did not match.
On failure -1 is returned and errno set appropriately.
if extended attributes are not supported by the file system.
ENOENT if there is no entry in the file contexts series of files or
path does not exist.
EINVAL if the entry in the file contexts series of files or path are
invalid, or the returned context fails validation.
ENOMEM if attempt to allocate memory failed.
The following configuration files (the file contexts series of files)
supporting the active policy will be used (should they exist) to
determine the path default context:
contexts/files/file_contexts - This file must exist.
contexts/files/file_contexts.local - If exists has local
contexts/files/file_contexts.homedirs - If exists has users
home directory customizations.
contexts/files/file_contexts.subs - If exists has
substitutions that are then applied to the 'in memory' version
of the file contexts files.
If the files context is:
and the default context defined in the file contexts file is:
then the actual strings compared are:
:object_r:admin_home_t:s0 and :object_r:admin_home_t:s0
Therefore they will match and selinux_file_context_verify() will
This page is part of the selinux (Security-Enhanced Linux user-space
libraries and tools) project. Information about the project can be
found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you
have a bug report for this manual page, see
page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2017-03-13. If you
discover any rendering problems in this HTML version of the page, or
you believe there is a better or more up-to-date source for the page,
or you have corrections or improvements to the information in this
COLOPHON (which is not part of the original manual page), send a mail
SELinux API documentation 08 March 2011 selinux_file_context_verify(3)