matchpathcon_init(3) — Linux manual page


matchpathcon(3)           SELinux API documentation          matchpathcon(3)

NAME         top

       matchpathcon,  matchpathcon_index  - get the default SELinux security
       context for the specified path from the file contexts configuration

SYNOPSIS         top

       #include <selinux/selinux.h>

       int matchpathcon_init(const char *path);

       int matchpathcon_init_prefix(const char *path, const char *prefix);

       int matchpathcon_fini(void);

       int matchpathcon(const char *path, mode_t mode, char **con);

       int matchpathcon_index(const char *name, mode_t mode, char **con);

DESCRIPTION         top

       This family of functions is deprecated.  For new code, please use
       selabel_open(3) with the SELABEL_CTX_FILE backend in place of
       matchpathcon_init(), use selabel_close(3) in place of
       matchpathcon_fini(), and use selabel_lookup(3) in place of

       The remaining description below is for the legacy interface.

       matchpathcon_init() loads the file contexts configuration specified
       by path into memory for use by subsequent matchpathcon() calls.  If
       path is NULL, then the active file contexts configuration is loaded
       by default, i.e. the path returned by selinux_file_context_path(3).
       Unless the MATCHPATHCON_BASEONLY flag has been set via
       set_matchpathcon_flags(3), files with the same path prefix but a
       .homedirs and .local suffix are also looked up and loaded if present.
       These files provide dynamically generated entries for user home
       directories and for local customizations.

       matchpathcon_init_prefix() is the same as matchpathcon_init() but
       only loads entries with regular expressions whose first pathname
       component is a prefix of prefix , e.g. pass "/dev" if you only intend
       to call matchpathcon() with pathnames beginning with /dev.  However,
       this optimization is no longer necessary due to the use of
       file_contexts.bin files with precompiled regular expressions, so use
       of this interface is deprecated.

       matchpathcon_fini() frees the memory allocated by a prior call to
       matchpathcon_init.() This function can be used to free and reset the
       internal state between multiple matchpathcon_init() calls, or to free
       memory when finished using matchpathcon().

       matchpathcon() matches the specified pathname, after transformation
       via realpath(3) excepting any final symbolic link component if
       S_IFLNK was specified as the mode, and mode against the file contexts
       configuration and sets the security context con to refer to the
       resulting context. The caller must free the returned security context
       con using freecon(3) when finished using it.  mode can be 0 to
       disable mode matching, but should be provided whenever possible, as
       it may affect the matching.  Only the file format bits (i.e. the file
       type) of the mode are used.  If matchpathcon_init() has not already
       been called, then this function will call it upon its first
       invocation with a NULL path, defaulting to the active file contexts

       matchpathcon_index() is the same as matchpathcon() but returns a
       specification index that can later be used in a
       matchpathcon_filespec_add(3) call.

RETURN VALUE         top

       Returns zero on success or -1 otherwise.

SEE ALSO         top

       selinux(8), set_matchpathcon_flags(3),
       set_matchpathcon_invalidcon(3), set_matchpathcon_printf(3),
       matchpathcon_filespec_add(3), matchpathcon_checkmatches(3),
       freecon(3), setfilecon(3), setfscreatecon(3)

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨⟩.  If you
       have a bug report for this manual page, see
       ⟨⟩.  This
       page was obtained from the project's upstream Git repository
       ⟨⟩ on 2020-11-01.  (At that
       time, the date of the most recent commit that was found in the repos‐
       itory was 2020-10-31.)  If you discover any rendering problems in
       this HTML version of the page, or you believe there is a better or
       more up-to-date source for the page, or you have corrections or im‐
       provements to the information in this COLOPHON (which is not part of
       the original manual page), send a mail to             21 November 2009               matchpathcon(3)

Pages that refer to this page: set_matchpathcon_flags(3)set_matchpathcon_invalidcon(3)set_matchpathcon_printf(3)