NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | NOTES | SEE ALSO | COLOPHON

selinux_restorecon_xattr(3)ELinux API documentationlinux_restorecon_xattr(3)

NAME         top

       selinux_restorecon_xattr  -  manage  default security.restorecon_last
       extended   attribute   entries   added   by    selinux_restorecon(3),
       setfiles(8) or restorecon(8).

SYNOPSIS         top

       #include <selinux/restorecon.h>

       int selinux_restorecon_xattr(const char *pathname,
                              unsigned int xattr_flags,
                              struct dir_xattr ***xattr_list);

DESCRIPTION         top

       selinux_restorecon_xattr() returns a linked list of dir_xattr
       structures containing information described below based on:

              pathname containing a directory tree to be searched for
              security.restorecon_last extended attribute entries.

              xattr_flags contains options as follows:

                     SELINUX_RESTORECON_XATTR_RECURSE recursively descend
                     directories.

                     SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS delete
                     non-matching digests from each directory in pathname.

                     SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS delete all
                     digests from each directory in pathname.

                     SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS do not read
                     /proc/mounts to obtain a list of non-seclabel mounts to
                     be excluded from the search.
                     Setting SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS is
                     useful where there is a non-seclabel fs mounted with a
                     seclabel fs mounted on a directory below this.

              xattr_list is the returned pointer to a linked list of
              dir_xattr structures, each containing the following
              information:

                     struct dir_xattr {
                         char *directory;
                         char *digest;    /* Printable hex encoded string */
                         enum digest_result result;
                         struct dir_xattr *next;
                     };

              The result entry is enumerated as follows:
                     enum digest_result {
                         MATCH = 0,
                         NOMATCH,
                         DELETED_MATCH,
                         DELETED_NOMATCH,
                         ERROR
                     };

              xattr_list must be set to NULL before calling
              selinux_restorecon_xattr(3).  The caller is responsible for
              freeing the returned xattr_list entries in the linked list.

       See the NOTES section for more information.

RETURN VALUE         top

       On success, zero is returned.  On error, -1 is returned and errno is
       set appropriately.

NOTES         top

       1.  By default selinux_restorecon_xattr(3) will use the default set
           of specfiles described in files_contexts(5) to calculate the
           initial SHA1 digest to be used for comparision.  To change this
           default behavior selabel_open(3) must be called specifying the
           required SELABEL_OPT_PATH and setting the SELABEL_OPT_DIGEST
           option to a non-NULL value.  selinux_restorecon_set_sehandle(3)
           is then called to set the handle to be used by
           selinux_restorecon_xattr(3).

       2.  By default selinux_restorecon_xattr(3) reads /proc/mounts to
           obtain a list of non-seclabel mounts to be excluded from searches
           unless the SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS flag has been
           set.

       3.  RAMFS and TMPFS filesystems do not support the
           security.restorecon_last extended attribute and are automatically
           excluded from searches.

       4.  By default stderr is used to log output messages and errors. This
           may be changed by calling selinux_set_callback(3) with the
           SELINUX_CB_LOG type option.

SEE ALSO         top

       selinux_restorecon(3)
       selinux_restorecon_set_sehandle(3),
       selinux_restorecon_default_handle(3),
       selinux_restorecon_set_exclude_list(3),
       selinux_restorecon_set_alt_rootpath(3),
       selinux_set_callback(3)

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩.  If you
       have a bug report for this manual page, see 
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.  This
       page was obtained from the project's upstream Git repository 
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2017-07-05.  If you
       discover any rendering problems in this HTML version of the page, or
       you believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail
       to man-pages@man7.org

                                30 July 2016     selinux_restorecon_xattr(3)

Pages that refer to this page: selinux_restorecon(3)selinux_restorecon_default_handle(3)selinux_restorecon_set_alt_rootpath(3)selinux_restorecon_set_exclude_list(3)selinux_restorecon_set_sehandle(3)selinux_restorecon_xattr(3)