suzanne.soy/man-pages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gh-pages
man-pages/man3/getcon.3.html
Suzanne Soy 4c89183f2b Added man pages from my system
2021-03-31 01:06:50 +01:00

199 lines
4.9 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of getcon</TITLE>
</HEAD><BODY>
<H1>getcon</H1>
Section: SELinux API documentation (3)<BR>Updated: 21 December 2011<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
getcon, getprevcon, getpidcon - get SELinux security context of a process
<P>
freecon, freeconary - free memory associated with SELinux security contexts
<P>
getpeercon - get security context of a peer socket
<P>
setcon - set current security context of a process
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>#include &lt;<A HREF="file:///usr/include/selinux/selinux.h">selinux/selinux.h</A>&gt;</B>
<P>
<B>int getcon(char **</B><I>context</I><B>);</B>
<P>
<B>int getcon_raw(char **</B><I>context</I><B>);</B>
<P>
<B>int getprevcon(char **</B><I>context</I><B>);</B>
<P>
<B>int getprevcon_raw(char **</B><I>context</I><B>);</B>
<P>
<B>int getpidcon(pid_t </B><I>pid</I><B>, char **</B><I>context</I><B>);</B>
<P>
<B>int getpidcon_raw(pid_t </B><I>pid</I><B>, char **</B><I>context</I><B>);</B>
<P>
<B>int getpeercon(int </B><I>fd</I><B>, char **</B><I>context</I><B>);</B>
<P>
<B>int getpeercon_raw(int </B><I>fd</I><B>, char **</B><I>context</I><B>);</B>
<P>
<B>void freecon(char *</B><I>con</I><B>);</B>
<P>
<B>void freeconary(char **</B><I>con</I><B>);</B>
<P>
<B>int setcon(char *</B><I>context</I><B>);</B>
<P>
<B>int setcon_raw(char *</B><I>context</I><B>);</B>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>getcon</B>()
retrieves the context of the current process, which must be free'd with
freecon.
<P>
<B>getprevcon</B>()
same as getcon but gets the context before the last exec.
<P>
<B>getpidcon</B>()
returns the process context for the specified PID.
<P>
<B>getpeercon</B>()
retrieves context of peer socket, and set
<B>*</B><I>context</I>
to refer to it, which must be free'd with
<B>freecon</B>().
<P>
<B>freecon</B>()
frees the memory allocated for a security context.
<P>
<B>freeconary</B>()
frees the memory allocated for a context array.
<P>
If
<I>con</I>
is NULL, no operation is performed.
<P>
<B>setcon</B>()
sets the current security context of the process to a new value. Note
that use of this function requires that the entire application be
trusted to maintain any desired separation between the old and new
security contexts, unlike exec-based transitions performed via
<B><A HREF="/cgi-bin/man/man2html?3+setexeccon">setexeccon</A></B>(3).
When possible, decompose your application and use
<B><A HREF="/cgi-bin/man/man2html?3+setexeccon">setexeccon</A></B>(3)
and
<B><A HREF="/cgi-bin/man/man2html?3+execve">execve</A></B>(3)
instead.
<P>
Since access to file descriptors is revalidated upon use by SELinux,
the new context must be explicitly authorized in the policy to use the
descriptors opened by the old context if that is desired. Otherwise,
attempts by the process to use any existing descriptors (including
<I>stdin</I>,
<I>stdout</I>,
and
<I>stderr</I>)
after performing the
<B>setcon</B>()
will fail.
<P>
A multi-threaded application can perform a
<B>setcon</B>()
prior to creating
any child threads, in which case all of the child threads will inherit
the new context. However, prior to Linux 2.6.28,
<B>setcon</B>()
would fail if there are any other
threads running in the same process since this would yield
an inconsistency among the security contexts of threads sharing
the same memory space. Since Linux 2.6.28,
<B>setcon()</B>
is permitted for threads within a multi-threaded process if the
new security context is bounded by the old security context, where
the bounded relation is defined through typebounds statements in the
policy and guarantees that the new security context has a subset of
the permissions of the old security context.
<P>
If the process was being ptraced at the time of the
<B>setcon</B>()
operation, ptrace permission will be revalidated against the new
context and the
<B>setcon</B>()
will fail if it is not allowed by policy.
<P>
<B>getcon_raw</B>(),
<B>getprevcon_raw</B>(),
<B>getpidcon_raw</B>(),
<B>getpeercon_raw</B>()
and
<B>setcon_raw</B>()
behave identically to their non-raw counterparts but do not perform context
translation.
<A NAME="lbAE">&nbsp;</A>
<H2>RETURN VALUE</H2>
On error -1 is returned. On success 0 is returned.
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?8+selinux">selinux</A></B>(8), <B><A HREF="/cgi-bin/man/man2html?3+setexeccon">setexeccon</A></B>(3)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="1"><A HREF="#lbAB">NAME</A><DD>
<DT id="2"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="3"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="4"><A HREF="#lbAE">RETURN VALUE</A><DD>
<DT id="5"><A HREF="#lbAF">SEE ALSO</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:44 GMT, March 31, 2021
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink