The OpenNET Project / Index page

[ новости /+++ | форум | теги | ]

Интерактивная система просмотра системных руководств (man-ов)

 ТемаНаборКатегория 
 
 [Cписок руководств | Печать]

matchpathcon (3)
  • >> matchpathcon (3) ( Linux man: Библиотечные вызовы )
  • matchpathcon (8) ( Linux man: Команды системного администрирования )
    •  

    NAME

    matchpathcon - get the default security context for the specified path from the file contexts configuration.

    
 

    SYNOPSIS

    #include <selinux/selinux.h>

    int matchpathcon_init(const char *path);
    int matchpathcon_fini(void);
    int matchpathcon(const char *path, mode_t mode, security_context_t *con);


    void set_matchpathcon_printf(void (*f)(const char *fmt, ...));
    void set_matchpathcon_invalidcon(int (*f)(const char *path, unsigned lineno, char * context));
    void set_matchpathcon_flags(unsigned int flags);
     

    DESCRIPTION

    matchpathcon_init loads the file contexts configuration specified by path into memory for use by subsequent matchpathcon calls. If path is NULL, then the active file contexts configuration is loaded by default, i.e. the path returned by selinux_file_context_path(3). Unless the MATCHPATHCON_BASEONLY flag has been set via set_matchpathcon_flags, files with the same path prefix but a .homedirs and .local suffix are also looked up and loaded if present. These files provide dynamically generated entries for user home directories and for local customizations.

    matchpathcon_fini frees the memory allocated by a prior call to matchpathcon_init. This function can be used to free and reset the internal state between multiple matchpathcon_init calls, or to free memory when finished using matchpathcon.

    matchpathcon matches the specified pathname and mode against the file contexts configuration and sets the security context con to refer to the resulting context. The caller must free the returned security context con using freecon when finished using it. mode can be 0 to disable mode matching, but should be provided whenever possible, as it may affect the matching. Only the file format bits (i.e. the file type) of the mode are used. If matchpathcon_init has not already been called, then this function will call it upon its first invocation with a NULL path, defaulting to the active file contexts configuration.


    set_matchpathcon_printf sets the function used by matchpathcon_init when displaying errors about the file contexts configuration. If not set, then this defaults to fprintf(stderr, fmt, ...). This can be set to redirect error reporting to a different destination.

    set_matchpathcon_invalidcon sets the function used by matchpathcon_init when checking the validity of a context in the file contexts configuration. If not set, then this defaults to a test based on security_check_context(3), which checks validity against the active policy on a SELinux system. This can be set to instead perform checking based on a binary policy file, e.g. using sepol_check_context(3), as is done by setfiles -c. The function is also responsible for reporting any such error, and may include the path and lineno in such error messages.

    set_matchpathcon_flags sets flags controlling the operation of matchpathcon_init or matchpathcon. If the MATCHPATHCON_BASEONLY flag is set, then only the base file contexts configuration file will be processed, not any dynamically generated entries or local customizations.

     

    RETURN VALUE

    Returns 0 on success or -1 otherwise.

     

    SEE ALSO

    freecon(3), setfilecon(3), setfscreatecon(3)

     

    Index

    NAME
    SYNOPSIS
    DESCRIPTION
    RETURN VALUE
    SEE ALSO

    Поиск по тексту MAN-ов: 




    Партнёры:
    PostgresPro
    Inferno Solutions
    Hosting by Hoster.ru
    Хостинг:

    Закладки на сайте
    Проследить за страницей     		Created 1996-2024 by Maxim Chirkov
    Добавить, Поддержать, Вебмастеру