selinux_file_context_verify(3) — Linux manual page


selinux_file_context_verify(3)   Library Functions Manual   selinux_file_context_verify(3)

NAME

       selinux_file_context_verify - Compare the SELinux security context on
       disk to the default security context required by the policy file
       contexts file

SYNOPSIS

       #include <selinux/selinux.h>

       int selinux_file_context_verify(const char *path, mode_t mode);

DESCRIPTION

       selinux_file_context_verify() compares the context of the specified
       path that is held on disk (in the extended attribute), to the system
       default entry held in the file contexts series of files.

       The mode may be zero.

       Note that the two contexts are compared for "significant" differences
       (i.e. the user component of each context is ignored), as shown in the
       EXAMPLE section.

RETURN VALUE

       If the contexts significantly match, 1 (one) is returned.

       If the contexts do not match, 0 (zero) is returned. In that case
       errno is set to either ENOENT or EINVAL for the reasons listed in the
       ERRORS section; if errno is 0, the contexts did not match.

       On failure, -1 is returned and errno is set appropriately.

ERRORS

              if extended attributes are not supported by the file system.

       ENOENT if there is no entry in the file contexts series of files or
              path does not exist.

       EINVAL if the entry in the file contexts series of files or path are
              invalid, or the returned context fails validation.

       ENOMEM if an attempt to allocate memory failed.

FILES

       The following configuration files (the file contexts series of files)
       supporting the active policy will be used (should they exist) to
       determine the path default context:

              contexts/files/file_contexts - This file must exist.

              contexts/files/file_contexts.local - If exists has local

              contexts/files/file_contexts.homedirs - If exists has users
              home directory customizations.

              contexts/files/file_contexts.subs - If exists has
              substitutions that are then applied to the 'in memory' version
              of the file contexts files.

EXAMPLE

       If the file's context is:

       and the default context defined in the file contexts file is:

       then the actual strings compared are:
              :object_r:admin_home_t:s0 and :object_r:admin_home_t:s0

       Therefore they will match and selinux_file_context_verify() will
       return 1.
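
       The return-value convention and the "significant" comparison described
       above, as an added example (not part of the original manual page or of
       libselinux). The names classify(), significant_match(), verify_path()
       and the USE_LIBSELINUX macro are assumptions of this example, the
       sample contexts are constructed, and clearing errno before the call is
       a defensive choice.

```c
/* Added example, not libselinux source.  With the library installed, build:
 *   cc -DUSE_LIBSELINUX ctxaudit.c -lselinux   (else only the helpers compile) */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#ifdef USE_LIBSELINUX
#include <selinux/selinux.h>
#endif

enum verdict { CTX_MATCH, CTX_MISMATCH, CTX_NO_DEFAULT, CTX_INVALID, CTX_ERROR };

/* Interpret (return value, errno) as the RETURN VALUE section describes. */
enum verdict classify(int rc, int err) {
    if (rc == 1) return CTX_MATCH;
    if (rc == 0 && err == 0) return CTX_MISMATCH;         /* label differs from policy */
    if (rc == 0 && err == ENOENT) return CTX_NO_DEFAULT;  /* no entry, or no such path */
    if (rc == 0 && err == EINVAL) return CTX_INVALID;     /* bad entry, path or context */
    return CTX_ERROR;                                     /* -1, or an unexpected errno */
}

/* Illustration of the "significant" comparison: ignore the user component
 * (everything before the first ':') and compare the remainder. */
int significant_match(const char *on_disk, const char *dflt) {
    const char *a = strchr(on_disk, ':'), *b = strchr(dflt, ':');
    return a && b && strcmp(a, b) == 0;
}

#ifdef USE_LIBSELINUX
enum verdict verify_path(const char *path) {
    errno = 0;  /* defensive assumption: start clean so errno == 0 means mismatch */
    int rc = selinux_file_context_verify(path, 0);  /* the mode may be zero */
    return classify(rc, errno);
}
#endif

int main(int argc, char **argv) {
    static const char *name[] = { "match", "MISMATCH", "no default", "invalid", "error" };
#ifdef USE_LIBSELINUX
    for (int i = 1; i < argc; i++)
        printf("%s: %s\n", argv[i], name[verify_path(argv[i])]);
#else
    (void)argc; (void)argv;
    /* Constructed contexts: same role, type and level, different SELinux user. */
    printf("significant match: %d\n", significant_match(
        "unconfined_u:object_r:admin_home_t:s0", "system_u:object_r:admin_home_t:s0"));
    printf("rc=0, errno=0: %s\n", name[classify(0, 0)]);
#endif
    return 0;
}
```

       An integrity audit should report only the mismatch verdict as label
       drift; "no default" and "invalid" mean the comparison could not be
       made, not that the on-disk label is wrong.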

SEE ALSO


COLOPHON

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  This page was obtained from the
       project's upstream Git repository on 2020-09-18.  (At that time, the
       date of the most recent commit that was found in the repository was
       2020-09-17.)

SELinux API documentation       08 March 2011 selinux_file_context_verify(3)

Pages that refer to this page: selinux_lsetfilecon_default(3)