getfscreatecon(3) SELinux API documentation getfscreatecon(3)
NAME
getfscreatecon, setfscreatecon - get or set the SELinux security con-
text used for creating a new file system object
SYNOPSIS
#include <selinux/selinux.h>
int getfscreatecon(char **con);
int getfscreatecon_raw(char **con);
int setfscreatecon(char *context);
int setfscreatecon_raw(char *context);
DESCRIPTION
getfscreatecon() retrieves the context used for creating a new file
system object. This returned context should be freed with freecon(3)
if non-NULL. getfscreatecon() sets *con to NULL if no fscreate context
has been explicitly set by the program (i.e. using the default policy
behavior).
setfscreatecon() sets the context used for creating a new file system
object. NULL can be passed to setfscreatecon() to reset to the default
policy behavior. The fscreate context is automatically reset after the
next execve(2), so a program doesn't need to explicitly sanitize it
upon startup.
setfscreatecon() can be applied prior to library functions that inter-
nally perform an file creation, in order to set an file context on the
objects.
getfscreatecon_raw() and setfscreatecon_raw() behave identically to
their non-raw counterparts but do not perform context translation.
Note: Signal handlers that perform a setfscreatecon() must take care to
save, reset, and restore the fscreate context to avoid unexpected be-
havior.
Note: Contexts are thread specific.
RETURN VALUE
On error -1 is returned. On success 0 is returned.
SEE ALSO
selinux(8), freecon(3), getcon(3), getexeccon(3)
russell@coker.com.au 1 January 2004 getfscreatecon(3)
Generated by dwww version 1.14 on Fri Jan 24 01:47:44 CET 2025.