selabel_open(3) — Linux manual page
selabel_open(3) SELinux API documentation selabel_open(3)
NAME
selabel_open, selabel_close - userspace SELinux labeling
interface
SYNOPSIS
#include <selinux/selinux.h>
#include <selinux/label.h>
struct selabel_handle *selabel_open(unsigned int backend,
const struct selinux_opt
*options,
unsigned nopt);
void selabel_close(struct selabel_handle *hnd);
DESCRIPTION
selabel_open() is used to initialize a labeling handle to be used
for lookup operations. The backend argument specifies which
backend is to be opened; the list of current backends appears in
BACKENDS below.
The options argument should be NULL or a pointer to an array of
selinux_opt structures of length nopt:
struct selinux_opt {
int type;
const char *value;
};
The available option types are described in GLOBAL OPTIONS below
as well as in the documentation for each individual backend. The
return value on success is a non-NULL value for use in subsequent
label operations.
selabel_close() terminates use of a handle, freeing any internal
resources associated with it. After this call has been made, the
handle must not be used again.
GLOBAL OPTIONS
Global options which may be passed to selabel_open() include the
following:
SELABEL_OPT_UNUSED
The option with a type code of zero is a no-op. Thus an
array of options may be initizalized to zero and any
untouched elements will not cause an error.
SELABEL_OPT_VALIDATE
A non-null value for this option enables context
validation. By default, security_check_context(3) is
used; a custom validation function can be provided via
selinux_set_callback(3). Note that an invalid context may
not be treated as an error unless it is actually
encountered during a lookup operation.
SELABEL_OPT_DIGEST
A non-null value for this option enables the generation of
an SHA1 digest of the spec files loaded as described in
selabel_digest(3)
BACKENDS
SELABEL_CTX_FILE
File contexts backend, described in selabel_file(5).
SELABEL_CTX_MEDIA
Media contexts backend, described in selabel_media(5).
SELABEL_CTX_X
X Windows contexts backend, described in selabel_x(5).
SELABEL_CTX_DB
Database objects contexts backend, described in
selabel_db(5).
RETURN VALUE
A non-NULL handle value is returned on success. On error, NULL
is returned and errno is set appropriately.
AUTHOR
Eamon Walsh <ewalsh@tycho.nsa.gov>
SEE ALSO
selabel_lookup(3), selabel_stats(3), selinux_set_callback(3),
selinux(8)
COLOPHON
This page is part of the selinux (Security-Enhanced Linux user-
space libraries and tools) project. Information about the
project can be found at
⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you have a
bug report for this manual page, see
⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/SELinuxProject/selinux⟩ on 2024-06-14. (At
that time, the date of the most recent commit that was found in
the repository was 2023-05-11.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
man-pages@man7.org
18 Jun 2007 selabel_open(3)
Pages that refer to this page: matchpathcon(3), selabel_digest(3), selabel_get_digests_all_partial_matches(3), selabel_lookup(3), selabel_lookup_best_match(3), selabel_partial_match(3), selabel_stats(3), selinux_restorecon(3), selinux_restorecon_default_handle(3), selinux_restorecon_set_sehandle(3), selinux_restorecon_xattr(3), selinux_set_callback(3), selabel_db(5), selabel_file(5), selabel_media(5), selabel_x(5)