Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   26626 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

selabel_db(5)		   SELinux API documentation		 selabel_db(5)

NAME
       selabel_db  - userspace SELinux labeling interface: DB objects contexts
       backend.

SYNOPSIS
       #include <selinux/selinux.h>

       #include <selinux/label.h>

       int selabel_lookup(struct selabel_handle *hnd,
			  security_context_t *context,

			  const char *object_name, int object_type);

DESCRIPTION
       The DB contexts backend maps from a pair of object name and class  into
       security contexts. It is used to find the appropriate context for data‐
       base objects when relabeling a certain database.

       The object_name should be fully qualified name using the	 hierarchy  of
       database	 objects.   For	 example,  the	pg_class table in the postgres
       database and pg_catalog schema should be qualified as postgres.pg_cata‐
       log.pg_class .

       The object_type argument should be set to one of the following values:

       SELABEL_DB_DATABASE
	      The  object_name	argument  specifies  the  name	of  a database
	      itself, such as "postgres".

       SELABEL_DB_SCHEMA
	      The object_name argument specifies the name of a schema  object,
	      such as "postgres.public".

       SELABEL_DB_TABLE
	      The  object_name	argument specifies the name of a table object,
	      such as "postgres.public.my_table"

       SELABEL_DB_COLUMN
	      The object_name argument specifies the name of a column  object,
	      such as "postgres.public.my_table.user_id"

       SELABEL_DB_TUPLE
	      The  object_name	argument  specifies the name of a table object
	      which contains the  tuples  to  be  relabeled,  such  as	"post‐
	      gresql.public.my_table".	Note  that  we have no way to identify
	      individual tuple objects, except for WHERE clause on DML	state‐
	      ments, because it has no name.

       SELABEL_DB_PROCEDURE
	      The  object_name	argument  specifies  the  name	of a procedure
	      object, such as "postgres.public.my_func". Note  that  we	 don't
	      support  to  lookup individual security contexts for each proce‐
	      dures which have same name but different arguments.

       SELABEL_DB_SEQUENCE
	      The object_name  argument	 specifies  the	 name  of  a  sequence
	      object, such as "postgres.public.my_seq".

       SELABEL_DB_BLOB
	      The  object_name	argument specifies the name of a large object,
	      such as "postgres.16308".	 Note that a  large  object  does  not
	      have its name, so it is identified by its identifier value.

OPTIONS
       In  addition  to	 the global options described in selabel_open(3), this
       backend recognizes the following options:

       SELABEL_OPT_PATH
	      A non-null value for this option specifies a path to a file that
	      will  be	opened	in  lieu of the standard DB contexts file.  It
	      tries to open the specfile designed  for	SE-PostgreSQL  in  the
	      default,	so  if	another RDBMS uses this interface, it needs to
	      give an explicit specfile designed for the RDBMS.

SEE ALSO
       selabel_open(3), selabel_lookup(3), selabel_stats(3), selinux(8)

				  22 Nov 2009			 selabel_db(5)

Vote for polarhome