selabel_open(3) SELinux API documentation selabel_open(3)
NAME
selabel_open, selabel_close - userspace SELinux labeling interface.
SYNOPSIS
#include <selinux/selinux.h>
#include <selinux/label.h>
struct selabel_handle *selabel_open(int backend,
                                    struct selinux_opt *options,
                                    unsigned nopt);
void selabel_close(struct selabel_handle *hnd);
DESCRIPTION
selabel_open is used to initialize a labeling handle to be used for
lookup operations. The backend argument specifies which backend is to
be opened; the list of current backends appears in BACKENDS below.
The options argument should be NULL or a pointer to an array of
selinux_opt structures of length nopt:
struct selinux_opt {
    int type;
    union {
        const char *value;
        const char **values;
    };
};
The available option types are described in GLOBAL OPTIONS below as
well as in the documentation for each individual backend. The return
value on success is a non-NULL value for use in subsequent label
operations.
selabel_close terminates use of a handle, freeing any internal
resources associated with it. After this call has been made, the
handle must not be used again.
GLOBAL OPTIONS
Global options which may be passed to selabel_open include the
following:
SELABEL_OPT_UNUSED
The option with a type code of zero is a no-op. Thus an array
of options may be initialized to zero and any untouched
elements will not cause an error.
SELABEL_OPT_VALIDATE
A non-null value for this option enables context validation. By
default, security_check_context(3) is used; a custom validation
function can be provided via selinux_set_callback(3). Note that
an invalid context may not be treated as an error unless it is
actually encountered during a lookup operation.
SELABEL_OPT_SUBSET
A ":"-separated string of path prefixes that tells the system to
load only entries with regular expressions that could match
these strings. For example "/dev:/var/run:/tmp". This option can
cause the system to use less memory and work faster, but you
should then only look up paths that begin with one of the prefixes.
SELABEL_OPT_PATH
A string representing an alternate path to the regular
expressions.
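Added example (not part of the libselinux documentation or code): a caller-side guard for the SELABEL_OPT_SUBSET caveat above, deciding whether a path may be looked up on a handle opened with a given subset string or needs a handle opened without the option. The names path_in_subset and has_dotdot are hypothetical; matching on whole path components and refusing ".." components are assumptions of this example that make it stricter than a plain prefix test.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* True if `path` contains a ".." component. A lexical prefix test cannot
 * vouch for where such a path really points, so the guard refuses it. */
static bool has_dotdot(const char *path)
{
    for (const char *p = path; (p = strstr(p, "/..")) != NULL; p += 3)
        if (p[3] == '\0' || p[3] == '/')
            return true;
    return false;
}

/* True if `path` may be looked up on a handle opened with SELABEL_OPT_SUBSET
 * set to `subset` (":"-separated prefixes). Assumption of this example:
 * a prefix covers a path only on a whole-component boundary. */
bool path_in_subset(const char *subset, const char *path)
{
    if (path == NULL || path[0] != '/')
        return false;                 /* only absolute paths are considered */
    if (subset == NULL || *subset == '\0')
        return true;                  /* option unset: nothing was filtered */
    if (has_dotdot(path))
        return false;
    for (const char *p = subset;; p += strcspn(p, ":") + 1) {
        size_t len = strcspn(p, ":");
        bool last = (p[len] == '\0');
        while (len > 1 && p[len - 1] == '/')
            len--;                    /* treat "/tmp/" like "/tmp" */
        if (len > 0 && strncmp(path, p, len) == 0 &&
            (len == 1 || path[len] == '\0' || path[len] == '/'))
            return true;
        if (last)
            break;
    }
    return false;
}

int main(void)
{
    const char *subset = "/dev:/var/run:/tmp";    /* the page's example value */
    const char *paths[] = { "/dev/null", "/tmp", "/tmpfiles/x",
                            "/tmp/../etc/shadow", "/etc/passwd" }; /* constructed */
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        printf("%-20s %s\n", paths[i],
               path_in_subset(subset, paths[i]) ? "subset handle" : "full handle");
    return 0;
}
```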
BACKENDS
SELABEL_CTX_FILE
File contexts backend, described in selabel_file(5).
SELABEL_CTX_MEDIA
Media contexts backend, described in selabel_media(5).
SELABEL_CTX_X
X Windows contexts backend, described in selabel_x(5).
SELABEL_CTX_DB
Database objects contexts backend, described in selabel_db(5).
RETURN VALUE
A non-NULL handle value is returned on success. On error, NULL is
returned and errno is set appropriately.
AUTHOR
Eamon Walsh <ewalsh@tycho.nsa.gov>
SEE ALSO
selabel_lookup(3), selabel_stats(3), selinux_set_callback(3),
selinux(8)
18 Jun 2007 selabel_open(3)