selinux_file_context_verify(3) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | RETURN VALUE | ERRORS | FILES | EXAMPLE | SEE ALSO | COLOPHON

selinux_...xt_verify(3) Library Functions Manual selinux_...xt_verify(3)

NAME         top

       selinux_file_context_verify - Compare the SELinux security
       context on disk to the default security context required by the
       policy file contexts file

SYNOPSIS         top

       #include <selinux/selinux.h>

       int selinux_file_context_verify(const char *path, mode_t mode);

DESCRIPTION         top

       selinux_file_context_verify() compares the context of the
       specified path that is held on disk (in the extended attribute),
       to the system default entry held in the file contexts series of
       files.

       The mode may be zero.

       Note that the two contexts are compared for "significant"
       differences (i.e. the user component of the contexts are ignored)
       as shown in the EXAMPLE section.

RETURN VALUE         top

       If the contexts significantly match, 1 (one) is returned.

       If the contexts do not match 0 (zero) is returned and errno is
       set to either ENOENT or EINVAL for the reasons listed in the
       ERRORS section, or if errno = 0 then the contexts did not match.

       On failure -1 is returned and errno set appropriately.

ERRORS         top

       ENOTSUP
              if extended attributes are not supported by the file
              system.

       ENOENT if there is no entry in the file contexts series of files
              or path does not exist.

       EINVAL if the entry in the file contexts series of files or path
              are invalid, or the returned context fails validation.

       ENOMEM if attempt to allocate memory failed.

FILES         top

       The following configuration files (the file contexts series of
       files) supporting the active policy will be used (should they
       exist) to determine the path default context:

              contexts/files/file_contexts - This file must exist.

              contexts/files/file_contexts.local - If exists has local
              customizations.

              contexts/files/file_contexts.homedirs - If exists has
              users home directory customizations.

              contexts/files/file_contexts.subs - If exists has
              substitutions that are then applied to the 'in memory'
              version of the file contexts files.

EXAMPLE         top

       If the files context is:
              unconfined_u:object_r:admin_home_t:s0

       and the default context defined in the file contexts file is:
              system_u:object_r:admin_home_t:s0

       then the actual strings compared are:
              :object_r:admin_home_t:s0 and :object_r:admin_home_t:s0

       Therefore they will match and selinux_file_context_verify() will
       return 1.

SEE ALSO         top

       selinux(8)

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-
       space libraries and tools) project.  Information about the
       project can be found at 
       ⟨https://github.com/SELinuxProject/selinux/wiki⟩.  If you have a
       bug report for this manual page, see
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2024-06-14.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-05-11.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       man-pages@man7.org

SELinux API documentation     08 March 2011      selinux_...xt_verify(3)

Pages that refer to this page: selinux_lsetfilecon_default(3)