41 lines
1.5 KiB
Groff
41 lines
1.5 KiB
Groff
.TH "getfscreatecon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation"
|
|
.SH "NAME"
|
|
getfscreatecon, setfscreatecon \- get or set the SE Linux security context used for creating a new file system object.
|
|
|
|
.SH "SYNOPSIS"
|
|
.B #include <selinux/selinux.h>
|
|
.sp
|
|
.BI "int getfscreatecon(security_context_t *" con );
|
|
.br
|
|
.BI "int setfscreatecon(security_context_t "context );
|
|
|
|
.SH "DESCRIPTION"
|
|
.B getfscreatecon
|
|
retrieves the context used for creating a new file system object.
|
|
This returned context should be freed with freecon if non-NULL.
|
|
getfscreatecon sets *con to NULL if no fscreate context has been explicitly
|
|
set by the program (i.e. using the default policy behavior).
|
|
|
|
.B setfscreatecon
|
|
sets the context used for creating a new file system object.
|
|
NULL can be passed to
|
|
setfscreatecon to reset to the default policy behavior.
|
|
The fscreate context is automatically reset after the next execve, so a
|
|
program doesn't need to explicitly sanitize it upon startup.
|
|
.br
|
|
setfscreatecon can be applied prior to library
|
|
functions that internally perform an file creation,
|
|
in order to set an file context on the objects.
|
|
.br
|
|
|
|
Note: Signal handlers that perform an setfscreate must take care to
|
|
save, reset, and restore the fscreate context to avoid unexpected behaviors.
|
|
.SH "RETURN VALUE"
|
|
On error -1 is returned.
|
|
|
|
On success getfscreatecon returns the length of the context (not including
|
|
the trailing zero byte). On success setfscreatecon returns 0.
|
|
|
|
.SH "SEE ALSO"
|
|
.BR freecon "(3), " getcon "(3), " getexeccon "(3)"
|