selabel_open(3) — Linux manual page

NAME | SYNOPSIS | DESCRIPTION | GLOBAL OPTIONS | BACKENDS | RETURN VALUE | AUTHOR | SEE ALSO | COLOPHON

selabel_open(3)         SELinux API documentation        selabel_open(3)

NAME         top

       selabel_open, selabel_close - userspace SELinux labeling
       interface

SYNOPSIS         top

       #include <selinux/selinux.h>
       #include <selinux/label.h>

       struct selabel_handle *selabel_open(unsigned int backend,
                                           const struct selinux_opt
                                           *options,
                                           unsigned nopt);

       void selabel_close(struct selabel_handle *hnd);

DESCRIPTION         top

       selabel_open() is used to initialize a labeling handle to be used
       for lookup operations.  The backend argument specifies which
       backend is to be opened; the list of current backends appears in
       BACKENDS below.

       The options argument should be NULL or a pointer to an array of
       selinux_opt structures of length nopt:

              struct selinux_opt {
                  int         type;
                  const char  *value;
              };

       The available option types are described in GLOBAL OPTIONS below
       as well as in the documentation for each individual backend.  The
       return value on success is a non-NULL value for use in subsequent
       label operations.

       selabel_close() terminates use of a handle, freeing any internal
       resources associated with it.  After this call has been made, the
       handle must not be used again.

GLOBAL OPTIONS         top

       Global options which may be passed to selabel_open() include the
       following:

       SELABEL_OPT_UNUSED
              The option with a type code of zero is a no-op.  Thus an
              array of options may be initizalized to zero and any
              untouched elements will not cause an error.

       SELABEL_OPT_VALIDATE
              A non-null value for this option enables context
              validation.  By default, security_check_context(3) is
              used; a custom validation function can be provided via
              selinux_set_callback(3).  Note that an invalid context may
              not be treated as an error unless it is actually
              encountered during a lookup operation.

       SELABEL_OPT_DIGEST
              A non-null value for this option enables the generation of
              an SHA1 digest of the spec files loaded as described in
              selabel_digest(3)

BACKENDS         top

       SELABEL_CTX_FILE
              File contexts backend, described in selabel_file(5).

       SELABEL_CTX_MEDIA
              Media contexts backend, described in selabel_media(5).

       SELABEL_CTX_X
              X Windows contexts backend, described in selabel_x(5).

       SELABEL_CTX_DB
              Database objects contexts backend, described in
              selabel_db(5).

RETURN VALUE         top

       A non-NULL handle value is returned on success.  On error, NULL
       is returned and errno is set appropriately.

AUTHOR         top

       Eamon Walsh <[email protected]>

SEE ALSO         top

       selabel_lookup(3), selabel_stats(3), selinux_set_callback(3),
       selinux(8)

COLOPHON         top

       This page is part of the selinux (Security-Enhanced Linux user-
       space libraries and tools) project.  Information about the
       project can be found at 
       ⟨https://github.com/SELinuxProject/selinux/wiki⟩.  If you have a
       bug report for this manual page, see
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
       This page was obtained from the project's upstream Git repository
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2024-06-14.  (At
       that time, the date of the most recent commit that was found in
       the repository was 2023-05-11.)  If you discover any rendering
       problems in this HTML version of the page, or you believe there
       is a better or more up-to-date source for the page, or you have
       corrections or improvements to the information in this COLOPHON
       (which is not part of the original manual page), send a mail to
       [email protected]

                               18 Jun 2007               selabel_open(3)

Pages that refer to this page: matchpathcon(3)selabel_digest(3)selabel_get_digests_all_partial_matches(3)selabel_lookup(3)selabel_lookup_best_match(3)selabel_partial_match(3)selabel_stats(3)selinux_restorecon(3)selinux_restorecon_default_handle(3)selinux_restorecon_set_sehandle(3)selinux_restorecon_xattr(3)selinux_set_callback(3)selabel_db(5)selabel_file(5)selabel_media(5)selabel_x(5)