suzanne.soy/man-pages
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
gh-pages
man-pages/man3/getexeccon.3.html
Suzanne Soy 4c89183f2b Added man pages from my system
2021-03-31 01:06:50 +01:00

174 lines
4.5 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of getexeccon</TITLE>
</HEAD><BODY>
<H1>getexeccon</H1>
Section: SELinux API documentation (3)<BR>Updated: 1 January 2004<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
getexeccon, setexeccon - get or set the SELinux security context used for executing a new process
<P>
rpm_execcon - run a helper for rpm in an appropriate security context
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>
<B>#include &lt;<A HREF="file:///usr/include/selinux/selinux.h">selinux/selinux.h</A>&gt;</B>
<P>
<B>int getexeccon(char **</B><I>context</I><B>);</B>
<P>
<B>int getexeccon_raw(char **</B><I>context</I><B>);</B>
<P>
<B>int setexeccon(char *</B><I>context</I><B>);</B>
<P>
<B>int setexeccon_raw(char *</B><I>context</I><B>);</B>
<P>
<B>int setexecfilecon(const char *</B><I>filename</I><B>, const char *</B><I>fallback_type</I><B>);</B>
<P>
<B>int rpm_execcon(unsigned int </B><I>verified</I><B>, const char *</B><I>filename</I><B>, char *const </B><I>argv</I><B>[] , char *const </B><I>envp</I><B>[]);</B>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>
<B>getexeccon</B>()
retrieves the context used for executing a new process.
This returned context should be freed with
<B><A HREF="/cgi-bin/man/man2html?3+freecon">freecon</A></B>(3)
if non-NULL.
<B>getexeccon</B>()
sets
<B>*</B><I>context</I>
to NULL if no exec context has been explicitly
set by the program (i.e. using the default policy behavior).
<P>
<B>setexeccon</B>()
sets the context used for the next
<B><A HREF="/cgi-bin/man/man2html?2+execve">execve</A></B>(2)
call.
NULL can be passed to
<B>setexeccon</B>()
to reset to the default policy behavior.
The exec context is automatically reset after the next
<B><A HREF="/cgi-bin/man/man2html?2+execve">execve</A></B>(2),
so a program doesn't need to explicitly sanitize it upon startup.
<P>
<B>setexeccon</B>()
can be applied prior to library
functions that internally perform an
<B><A HREF="/cgi-bin/man/man2html?2+execve">execve</A></B>(2),
e.g.
<B>execl</B>*(3),
<B>execv</B>*(3),
<B><A HREF="/cgi-bin/man/man2html?3+popen">popen</A></B>(3),
in order to set an exec context for that operation.
<P>
<B>getexeccon_raw</B>()
and
<B>setexeccon_raw</B>()
behave identically to their non-raw counterparts but do not perform context
translation.
<P>
<B>Note:</B>
Signal handlers that perform an
<B><A HREF="/cgi-bin/man/man2html?2+execve">execve</A></B>(2)
must take care to
save, reset, and restore the exec context to avoid unexpected behavior.
<P>
<B>setexecfilecon</B>()
sets the context used for the next
<B><A HREF="/cgi-bin/man/man2html?2+execve">execve</A></B>(2)
call, based on the policy for the
<I>filename</I>,
and falling back to a new context with a
<I>fallback_type</I>
in case there is no transition.
<P>
<B>rpm_execcon</B>()
is deprecated; please use
<B>setexecfilecon</B>()
in conjunction with
<B><A HREF="/cgi-bin/man/man2html?2+execve">execve</A></B>(2)
in all new code. This function
runs a helper for rpm in an appropriate security context. The
verified parameter should contain the return code from the signature
verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 ==
nottrusted, 4 == nokey), although this information is not yet used by
the function. The function determines the proper security context for
the helper based on policy, sets the exec context accordingly, and
then executes the specified filename with the provided argument and
environment arrays.
<A NAME="lbAE">&nbsp;</A>
<H2>RETURN VALUE</H2>
On error -1 is returned.
<P>
On success
<B>getexeccon</B>(),
<B>setexeccon</B>()
and
<B>setexecfilecon</B>()
return 0.
<B>rpm_execcon</B>()
only returns upon errors, as it calls
<B><A HREF="/cgi-bin/man/man2html?2+execve">execve</A></B>(2).
<A NAME="lbAF">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?8+selinux">selinux</A></B>(8), <B><A HREF="/cgi-bin/man/man2html?3+freecon">freecon</A></B>(3), <B><A HREF="/cgi-bin/man/man2html?3+getcon">getcon</A></B>(3)
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="1"><A HREF="#lbAB">NAME</A><DD>
<DT id="2"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="3"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="4"><A HREF="#lbAE">RETURN VALUE</A><DD>
<DT id="5"><A HREF="#lbAF">SEE ALSO</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:44 GMT, March 31, 2021
</BODY>
</HTML>
Reference in New Issue View Git Blame Copy Permalink