setcon man page on CentOS


getcon(3)		   SELinux API documentation		     getcon(3)

NAME
       getcon,	getprevcon,  getpidcon	-  get	SELinux	 security context of a
       process.

       getpeercon - get security context of a peer socket.

       setcon - set current security context of a process.

SYNOPSIS
       #include <selinux/selinux.h>

       int getcon(security_context_t *context);

       int getprevcon(security_context_t *context);

       int getpidcon(pid_t pid, security_context_t *context);

       int getpeercon(int fd, security_context_t *context);

       int setcon(security_context_t context);

DESCRIPTION
       getcon retrieves the context of the current process. The returned
       context must be freed with freecon.

       getprevcon is the same as getcon, but gets the context before the
       last exec.

       getpidcon returns the process context for the specified PID.

       getpeercon retrieves the context of the peer socket and sets *context
       to refer to it. The returned context must be freed with freecon.

       setcon sets the current security context of the process to a new value.
       Note that use of this function requires that the entire application be
       trusted to maintain any desired separation between the old and new
       security contexts, unlike exec-based transitions performed via
       setexeccon(3). When possible, decompose your application and use
       setexeccon() and execve() instead.

       Since  access  to  file descriptors is revalidated upon use by SELinux,
       the new context must be explicitly authorized in the policy to use  the
       descriptors  opened  by the old context if that is desired.  Otherwise,
       attempts by the process to  use	any  existing  descriptors  (including
       stdin, stdout, and stderr) after performing the setcon() will fail.

       A  multi-threaded  application can perform a setcon() prior to creating
       any child threads, in which case all of the child threads will  inherit
       the  new	 context.   However, setcon() will fail if there are any other
       threads running in the same process.

       If the process was being ptraced at the time of the setcon() operation,
       ptrace  permission  will be revalidated against the new context and the
       setcon() will fail if it is not allowed by policy.
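
       The following pre-flight check is an added example, not part of the
       original man page or of libselinux. It reads Linux procfs to detect
       the two conditions above (other threads, an attached tracer) before
       a program calls setcon(); all function and constant names in it are
       hypothetical.

```c
/* Added example: pre-flight checks for two setcon() failure conditions.
 * Linux procfs only; every function and constant name is hypothetical. */
#include <dirent.h>
#include <stdio.h>
#include <string.h>

enum { SETCON_MULTITHREADED = 1, SETCON_TRACED = 2, SETCON_UNKNOWN = 4 };

/* One entry per thread in /proc/self/task; -1 if procfs is unavailable. */
int count_threads(void) {
    DIR *d = opendir("/proc/self/task");
    struct dirent *e;
    int n = 0;
    if (!d) return -1;
    while ((e = readdir(d)) != NULL)
        if (e->d_name[0] != '.') n++;
    closedir(d);
    return n;
}

/* TracerPid from /proc/<pid>/status text: 0 = not traced, -1 = missing.
 * Matching the preceding newline stops a process name containing
 * "TracerPid:" (on the Name: line) from being taken for the field. */
long parse_tracer_pid(const char *status) {
    const char *p = strstr(status, "\nTracerPid:");
    long pid;
    if (!p || sscanf(p, "\nTracerPid: %ld", &pid) != 1) return -1;
    return pid;
}

long read_tracer_pid(void) {
    char buf[4096];
    size_t n;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* 0: neither condition applies. Otherwise a bitmask of SETCON_* flags. */
int setcon_preflight(int threads, long tracer) {
    int r = 0;
    if (threads < 0 || tracer < 0) r |= SETCON_UNKNOWN;
    if (threads > 1) r |= SETCON_MULTITHREADED; /* setcon() will fail */
    if (tracer > 0) r |= SETCON_TRACED; /* policy must allow the ptrace */
    return r;
}

int main(void) { return setcon_preflight(count_threads(), read_tracer_pid()); }
```

       A result of 0 means neither condition was detected; setcon() can still
       fail for other reasons, so its return value must be checked as well.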

RETURN VALUE
       On error -1 is returned.	 On success 0 is returned.

SEE ALSO
       selinux(8), freecon(3), setexeccon(3)

russell@coker.com.au		1 January 2004			     getcon(3)