man-pages/man3/selinux_file_context_verify.3.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of selinux_file_context_verify</TITLE>
</HEAD><BODY>
<H1>selinux_file_context_verify</H1>
Section: C Library Functions (3)<BR>Updated: 08 March 2011<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>

<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

selinux_file_context_verify - Compare the SELinux security context on disk to the default security context required by the policy file contexts file
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<B>#include &lt;<A HREF="file:///usr/include/selinux/selinux.h">selinux/selinux.h</A>&gt;</B>

<P>
<B>int selinux_file_context_verify(const char *</B><I>path</I><B>, mode_t </B><I>mode</I><B>);</B>

<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

<B>selinux_file_context_verify</B>()

compares the context of the specified
<I>path</I>

that is held on disk (in the extended attribute), to the system default entry held in the file contexts series of files.
<P>
The
<I>mode</I>

may be zero.
<P>
Note that the two contexts are compared for &quot;significant&quot; differences (i.e. the user component of the contexts are ignored) as shown in the
<B>EXAMPLE</B>

section.
<A NAME="lbAE">&nbsp;</A>
<H2>RETURN VALUE</H2>

If the contexts significantly match, 1 (one) is returned.
<P>
If the contexts do not match 0 (zero) is returned and
<I>errno</I>

is set to either
<B>ENOENT</B>

or
<B>EINVAL</B>

for the reasons listed in the
<B>ERRORS</B>

section, or if
<I>errno</I>

= 0 then the contexts did not match.
<P>
On failure -1 is returned and
<I>errno</I>

set appropriately.
<A NAME="lbAF">&nbsp;</A>
<H2>ERRORS</H2>

<DL COMPACT>
<DT id="1"><B>ENOTSUP</B>

<DD>
if extended attributes are not supported by the file system.
<DT id="2"><B>ENOENT</B>

<DD>
if there is no entry in the file contexts series of files or
<I>path</I>

does not exist.
<DT id="3"><B>EINVAL</B>

<DD>
if the entry in the file contexts series of files or
<I>path</I>

are invalid, or the returned context fails validation.
<DT id="4"><B>ENOMEM</B>

<DD>
if attempt to allocate memory failed.
</DL>
<A NAME="lbAG">&nbsp;</A>
<H2>FILES</H2>

The following configuration files (the file contexts series of files) supporting the active policy will be used (should they exist) to determine the
<I>path</I>

default context:
<P>
<DL COMPACT><DT id="5"><DD>
<I>contexts/files/file_contexts</I>

- This file must exist.
<P>
<I>contexts/files/file_contexts.local</I>

- If exists has local customizations.
<P>
<I>contexts/files/file_contexts.homedirs</I>

- If exists has users home directory customizations.
<P>
<I>contexts/files/file_contexts.subs</I>

- If exists has substitutions that are then applied to the 'in memory' version of the file contexts files.
</DL>

<A NAME="lbAH">&nbsp;</A>
<H2>EXAMPLE</H2>

If the files context is:
<DL COMPACT><DT id="6"><DD>
unconfined_u:object_r:admin_home_t:s0
</DL>

<P>
and the default context defined in the file contexts file is:
<DL COMPACT><DT id="7"><DD>
system_u:object_r:admin_home_t:s0
</DL>

<P>
then the actual strings compared are:
<DL COMPACT><DT id="8"><DD>
:object_r:admin_home_t:s0 and :object_r:admin_home_t:s0
</DL>

<P>
Therefore they will match and
<B>selinux_file_context_verify</B>()

will return 1.
<A NAME="lbAI">&nbsp;</A>
<H2>SEE ALSO</H2>

<B><A HREF="/cgi-bin/man/man2html?8+selinux">selinux</A></B>(8)

<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="9"><A HREF="#lbAB">NAME</A><DD>
<DT id="10"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="11"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="12"><A HREF="#lbAE">RETURN VALUE</A><DD>
<DT id="13"><A HREF="#lbAF">ERRORS</A><DD>
<DT id="14"><A HREF="#lbAG">FILES</A><DD>
<DT id="15"><A HREF="#lbAH">EXAMPLE</A><DD>
<DT id="16"><A HREF="#lbAI">SEE ALSO</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:05:56 GMT, March 31, 2021
</BODY>
</HTML>