.TH "getcon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation"
.SH "NAME"
getcon, getprevcon, getpidcon \- get SE Linux security context of a process.
.br
getpeercon \- get security context of a peer socket.
.br
setcon \- set current security context of a process.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.BI "int getcon(security_context_t *" context );
.br
.BI "int getprevcon(security_context_t *" context );
.br
.BI "int getpidcon(pid_t " pid ", security_context_t *" context );
.br
.BI "int getpeercon(int " fd ", security_context_t *" context );
.br
.BI "int setcon(security_context_t " context );

.SH "DESCRIPTION"
.B getcon
retrieves the context of the current process and sets *context to refer to
it.  The caller must release the returned context with freecon(3).

.B getprevcon
is the same as getcon, except that it returns the context the process had
before its most recent execve(2).  The result must be released with freecon(3).

.B getpidcon
retrieves the context of the process with the specified PID and sets
*context to refer to it, which must likewise be released with freecon(3).

.B getpeercon
retrieves the context of the peer at the other end of socket fd and sets
*context to refer to it, which must be released with freecon(3).

.B setcon
sets the current security context of the process to a new value.  Note
that use of this function requires that the entire application be
trusted to maintain any desired separation between the old and new
security contexts, unlike exec-based transitions performed via
setexeccon(3).  When possible, decompose your application and use
setexeccon() and execve() instead.

Since access to file descriptors is revalidated upon use by SELinux,
the new context must be explicitly authorized in the policy to use the
descriptors opened by the old context if that is desired.  Otherwise,
attempts by the process to use any existing descriptors (including
stdin, stdout, and stderr) after performing the setcon() will fail.

A multi-threaded application can perform a setcon() prior to creating
any child threads, in which case all of the child threads will inherit
the new context.  However, setcon() will fail if there are any other
threads running in the same process.

If the process was being ptraced at the time of the setcon()
operation, ptrace permission will be revalidated against the new
context and the setcon() will fail if it is not allowed by policy.
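.SH "EXAMPLE"
The following program is an added illustration and is not part of libselinux.
It reads the process context from the procfs attribute that getcon() and
getpidcon() wrap, /proc/<pid>/attr/current (this is an assumption about the
implementation; the libselinux calls above are the supported interface), so
that it builds without the libselinux headers, and then splits the returned
string into its user, role, type and optional MLS/MCS range fields.  The
struct secctx type and the functions read_proc_context() and split_context()
are invented for this example.

```c
/* Added example, not libselinux code: read a process's SELinux context from
 * procfs (the attribute getcon()/getpidcon() read behind the scenes, an
 * assumption about the implementation) and dissect it into its fields. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Fields of a context "user:role:type[:range]".  The range (MLS/MCS) may
 * itself contain ':' (e.g. "s0-s0:c0.c1023"), so only the first three
 * separators are significant when splitting. */
struct secctx {
    char user[64];
    char role[64];
    char type[64];
    char range[128];   /* empty string when the context carries no range */
};

static int copy_field(char *dst, size_t dstsz, const char *start, size_t len)
{
    if (len == 0 || len >= dstsz)
        return -1;     /* empty field or too long for the buffer */
    memcpy(dst, start, len);
    dst[len] = '\0';
    return 0;
}

/* Split ctx into *out.  Returns 0 on success, -1 if the string does not have
 * at least user:role:type or has an empty trailing range. */
int split_context(const char *ctx, struct secctx *out)
{
    char *dsts[3];
    size_t sizes[3];
    const char *p = ctx;
    size_t i;

    memset(out, 0, sizeof(*out));
    dsts[0] = out->user;  sizes[0] = sizeof(out->user);
    dsts[1] = out->role;  sizes[1] = sizeof(out->role);
    dsts[2] = out->type;  sizes[2] = sizeof(out->type);

    for (i = 0; i < 3; i++) {
        const char *colon = strchr(p, ':');
        size_t len = colon ? (size_t)(colon - p) : strlen(p);
        if (copy_field(dsts[i], sizes[i], p, len) < 0)
            return -1;
        if (!colon)
            return i < 2 ? -1 : 0;   /* too few fields, or no range */
        p = colon + 1;
    }
    /* Everything after the third separator, colons included, is the range. */
    return copy_field(out->range, sizeof(out->range), p, strlen(p));
}

/* Read the context of pid (0 = calling process) from procfs.  Like getcon(),
 * the caller owns the returned string (free() here plays the role of
 * freecon()).  Returns NULL with errno set on failure, which is what a
 * kernel without SELinux produces: the attribute is absent or unreadable. */
char *read_proc_context(pid_t pid)
{
    char path[64];
    char buf[4096];
    ssize_t n;
    int fd;

    if (pid == 0)
        snprintf(path, sizeof(path), "/proc/self/attr/current");
    else
        snprintf(path, sizeof(path), "/proc/%ld/attr/current", (long)pid);

    fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return NULL;
    do {
        n = read(fd, buf, sizeof(buf) - 1);
    } while (n < 0 && errno == EINTR);
    close(fd);
    if (n < 0)
        return NULL;
    buf[n] = '\0';
    buf[strcspn(buf, "\n")] = '\0';   /* other LSMs append a newline here */
    return strdup(buf);
}

int main(void)
{
    struct secctx c;
    char *ctx = read_proc_context(0);

    if (!ctx) {
        perror("read_proc_context");   /* same -1 path a getcon() caller sees */
        return 1;
    }
    if (split_context(ctx, &c) == 0)
        printf("user=%s role=%s type=%s range=%s\n", c.user, c.role, c.type,
               c.range[0] ? c.range : "(none)");
    else
        printf("unparsable context: %s\n", ctx);
    free(ctx);   /* the equivalent of freecon(3) for a getcon(3) result */
    return 0;
}
```

The parser deliberately treats everything after the third colon as the range
rather than splitting on every colon, because an MCS range such as
"s0-s0:c0.c1023" contains a colon of its own; a naive strtok() loop would
report a fifth field and misclassify the categories.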
.SH "RETURN VALUE"
On success 0 is returned.  On error -1 is returned.

.SH "SEE ALSO"
.BR freecon "(3), " setexeccon "(3)"