selinux_restorecon_xattr(3)    SELinux API documentation    selinux_restorecon_xattr(3)
NAME
       selinux_restorecon_xattr - manage default security.restorecon_last
       extended attribute entries added by selinux_restorecon(3),
       setfiles(8) or restorecon(8).
SYNOPSIS
       #include <selinux/restorecon.h>

       int selinux_restorecon_xattr(const char *pathname,
                                    unsigned int xattr_flags,
                                    struct dir_xattr ***xattr_list);
DESCRIPTION
       selinux_restorecon_xattr() returns a linked list of dir_xattr
       structures containing information described below based on:

       pathname containing a directory tree to be searched for
       security.restorecon_last extended attribute entries.

       xattr_flags contains options as follows:

              SELINUX_RESTORECON_XATTR_RECURSE recursively descend
              directories.

              SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS delete
              non-matching digests from each directory in pathname.

              SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS delete all
              digests from each directory in pathname.

              SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS do not read
              /proc/mounts to obtain a list of non-seclabel mounts to
              be excluded from the search.
              Setting SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS is
              useful where there is a non-seclabel fs mounted with a
              seclabel fs mounted on a directory below this.

       xattr_list is the returned pointer to a linked list of
       dir_xattr structures, each containing the following
       information:

              struct dir_xattr {
                  char *directory;
                  char *digest;    /* Printable hex encoded string */
                  enum digest_result result;
                  struct dir_xattr *next;
              };

       The result entry is enumerated as follows:

              enum digest_result {
                  MATCH = 0,
                  NOMATCH,
                  DELETED_MATCH,
                  DELETED_NOMATCH,
                  ERROR
              };

       xattr_list must be set to NULL before calling
       selinux_restorecon_xattr(3). The caller is responsible for
       freeing the returned xattr_list entries in the linked list.

       See the NOTES section for more information.
RETURN VALUE
       On success, zero is returned. On error, -1 is returned and errno is
       set appropriately.
NOTES
       1.  By default selinux_restorecon_xattr(3) will use the default set
           of specfiles described in file_contexts(5) to calculate the
           initial SHA1 digest to be used for comparison. To change this
           default behavior selabel_open(3) must be called specifying the
           required SELABEL_OPT_PATH and setting the SELABEL_OPT_DIGEST
           option to a non-NULL value. selinux_restorecon_set_sehandle(3)
           is then called to set the handle to be used by
           selinux_restorecon_xattr(3).

       2.  By default selinux_restorecon_xattr(3) reads /proc/mounts to
           obtain a list of non-seclabel mounts to be excluded from searches
           unless the SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS flag has been
           set.

       3.  RAMFS and TMPFS filesystems do not support the
           security.restorecon_last extended attribute and are automatically
           excluded from searches.

       4.  By default stderr is used to log output messages and errors. This
           may be changed by calling selinux_set_callback(3) with the
           SELINUX_CB_LOG type option.
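
The calling convention described above (xattr_list starts as NULL, is passed by address, and the caller frees the returned list), as an added example that is not part of the original manual page or the libselinux sources. The names report_and_free and USE_LIBSELINUX are hypothetical, and freeing each node's directory and digest strings along with the node is an assumption about how the entries are allocated.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef USE_LIBSELINUX	/* build: cc -DUSE_LIBSELINUX file.c -lselinux */
#include <selinux/restorecon.h>
#else	/* stand-ins copied from the DESCRIPTION so this builds alone */
enum digest_result { MATCH = 0, NOMATCH, DELETED_MATCH, DELETED_NOMATCH, ERROR };
struct dir_xattr { char *directory, *digest; enum digest_result result; struct dir_xattr *next; };
#endif

/* Hypothetical helper: tally entries per result, report the directories whose
 * digest did not match, then free the list. Assumes each node and both of
 * its strings are heap-allocated and owned by the caller. */
static int report_and_free(struct dir_xattr **xattr_list, int counts[5])
{
	struct dir_xattr *cur, *next;
	int total = 0;

	memset(counts, 0, 5 * sizeof(counts[0]));
	for (cur = xattr_list ? *xattr_list : NULL; cur; cur = next, total++) {
		next = cur->next;	/* read before the node is freed */
		if ((unsigned)cur->result <= ERROR)
			counts[cur->result]++;
		if (cur->result == NOMATCH || cur->result == ERROR)
			fprintf(stderr, "%s: result %d\n", cur->directory, (int)cur->result);
		free(cur->directory);
		free(cur->digest);
		free(cur);
	}
	return total;
}

int main(int argc, char **argv)
{
	struct dir_xattr **xattr_list = NULL;	/* must be NULL before the call */
	int counts[5], n;
#ifdef USE_LIBSELINUX
	if (selinux_restorecon_xattr(argc > 1 ? argv[1] : ".",
			SELINUX_RESTORECON_XATTR_RECURSE, &xattr_list) < 0) {
		perror("selinux_restorecon_xattr");
		return 1;
	}
#else
	(void)argc; (void)argv;	/* no library: the list stays empty */
#endif
	n = report_and_free(xattr_list, counts);
	printf("%d entries, %d non-matching\n", n, counts[NOMATCH]);
	return (counts[NOMATCH] || counts[ERROR]) ? 2 : 0;
}
```

The exit status of 2 for non-matching or errored directories is a choice made for this example so that a wrapper script can act on it.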
SEE ALSO
       selinux_restorecon(3),
       selinux_restorecon_set_sehandle(3),
       selinux_restorecon_default_handle(3),
       selinux_restorecon_set_exclude_list(3),
       selinux_restorecon_set_alt_rootpath(3),
       selinux_set_callback(3)
COLOPHON
       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project. Information about the project can be
       found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you
       have a bug report for this manual page, see
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩. This
       page was obtained from the project's upstream Git repository
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2017-07-05. If you
       discover any rendering problems in this HTML version of the page, or
       you believe there is a better or more up-to-date source for the page,
       or you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail
       to man-pages@man7.org.
30 July 2016 selinux_restorecon_xattr(3)