Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   17783 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

selinux_file_context_verify(3)			selinux_file_context_verify(3)

NAME
       selinux_file_context_verify  -  Compare the SELinux security context on
       disk to the default security context required by the policy  file  con‐
       texts file

SYNOPSIS
       #include <selinux/selinux.h>

       int selinux_file_context_verify(const char *path, mode_t mode);

DESCRIPTION
       selinux_file_context_verify()  compares	the  context  of the specified
       path that is held on disk (in the extended attribute),  to  the	system
       default entry held in the file contexts series of files.

       The mode may be zero.

       Note  that  the two contexts are compared for "significant" differences
       (i.e. the user component of the contexts are ignored) as shown  in  the
       EXAMPLE section.

RETURN VALUE
       If the contexts significantly match, 1 (one) is returned.

       If  the	contexts do not match 0 (zero) is returned and errno is set to
       either ENOENT or EINVAL for the reasons listed in the  ERRORS  section,
       or if errno = 0 then the contexts did not match.

       On failure -1 is returned and errno set appropriately.

ERRORS
       ENOTSUP
	      if extended attributes are not supported by the file system.

       ENOENT if  there	 is  no	 entry in the file contexts series of files or
	      path does not exist.

       EINVAL if the entry in the file contexts series of files	 or  path  are
	      invalid, or the returned context fails validation.

       ENOMEM if attempt to allocate memory failed.

FILES
       The  following  configuration files (the file contexts series of files)
       supporting the active policy will be used (should they exist) to deter‐
       mine the path default context:

	      contexts/files/file_contexts - This file must exist.

	      contexts/files/file_contexts.local  -  If	 exists has local cus‐
	      tomizations.

	      contexts/files/file_contexts.homedirs - If exists has users home
	      directory customizations.

	      contexts/files/file_contexts.subs	 - If exists has substitutions
	      that are then applied to the 'in memory'	version	 of  the  file
	      contexts files.

EXAMPLE
       If the files context is:
	      unconfined_u:object_r:admin_home_t:s0

       and the default context defined in the file contexts file is:
	      system_u:object_r:admin_home_t:s0

       then the actual strings compared are:
	      :object_r:admin_home_t:s0 and :object_r:admin_home_t:s0

       Therefore they will match and selinux_file_context_verify() will return
       1.

SEE ALSO
       selinux(8)

SELinux API documentation	 08 March 2011	selinux_file_context_verify(3)

Vote for polarhome