.TH "getfscreatecon" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation"

.SH "NAME"

getfscreatecon, setfscreatecon \- get or set the SE Linux security context used for creating a new file system object.

.SH "SYNOPSIS"

.B #include <selinux/selinux.h>

.sp

.BI "int getfscreatecon(security_context_t *" con );

.br 

.BI "int setfscreatecon(security_context_t "context );

.SH "DESCRIPTION"

.B getfscreatecon

retrieves the context used for creating a new file system object.

This returned context should be freed with freecon if non-NULL.  

getfscreatecon sets *con to NULL if no fscreate context has been explicitly 

set by the program (i.e. using the default policy behavior).

.B setfscreatecon

sets the context used for creating a new file system object.

NULL can be passed to

setfscreatecon to reset to the default policy behavior.  

The fscreate context is automatically reset after the next execve, so a

program doesn't need to explicitly sanitize it upon startup.  

.br

setfscreatecon can be applied prior to library

functions that internally perform an file creation,

in order to set an file context on the objects.

.br

Note: Signal handlers that perform an setfscreate must take care to

save, reset, and restore the fscreate context to avoid unexpected behaviors.

.SH "RETURN VALUE"

On error -1 is returned.

On success getfscreatecon returns the length of the context (not including

the trailing zero byte).  On success setfscreatecon returns 0.

.SH "SEE ALSO"

.BR freecon "(3), " getcon "(3), " getexeccon "(3)"