setfscreatecon

getfscreatecon(3)	  SE Linux API documentation	    getfscreatecon(3)



NAME
       getfscreatecon, setfscreatecon - get or set the SE Linux security con-
       text used for creating a new file system object.


SYNOPSIS
       #include <selinux/selinux.h>

       int getfscreatecon(security_context_t *con);
       int setfscreatecon(security_context_t context);


DESCRIPTION
       getfscreatecon retrieves the context used for creating a new file
       system object. This returned context should be freed with freecon if
       non-NULL. getfscreatecon sets *con to NULL if no fscreate context has
       been explicitly set by the program (i.e. using the default policy
       behavior).

       setfscreatecon sets the context used for creating a new file system
       object. NULL can be passed to setfscreatecon to reset to the default
       policy behavior. The fscreate context is automatically reset after
       the next execve, so a program doesn't need to explicitly sanitize it
       upon startup.

       setfscreatecon can be applied prior to library functions that
       internally perform a file creation, in order to set a file context on
       the objects.

       Note: Signal handlers that perform a setfscreatecon must take care to
       save, reset, and restore the fscreate context to avoid unexpected
       behaviors.

RETURN VALUE
       On error -1 is returned.

       On success getfscreatecon returns the length of the context (not
       including the trailing zero byte). On success setfscreatecon returns
       0.
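
       The save, set, create, restore sequence around a file creation, as an
       added example that is not part of the original manual page or of
       libselinux. So that it builds without libselinux it drives
       /proc/thread-self/attr/fscreate, the per-thread kernel attribute that
       these calls read and write, directly; the helper names, the sample
       path and the label system_u:object_r:tmp_t:s0 are constructed for
       illustration.

```c
#define _POSIX_C_SOURCE 200809L /* for O_CLOEXEC */
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>

/* Per-thread kernel attribute that holds the fscreate context. */
#define FSCREATE "/proc/thread-self/attr/fscreate"

/* Close fd without clobbering errno; map an I/O result to 0 or -1. */
static int finish(int fd, ssize_t n) {
    int saved = errno;
    close(fd);
    errno = saved;
    return n < 0 ? -1 : 0;
}

/* Read the current context; an empty string means "policy default". */
static int fscreate_get(char *buf, size_t len) {
    int fd = open(FSCREATE, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, len - 1);
    buf[n < 0 ? 0 : n] = '\0';
    return finish(fd, n);
}

/* Set the context; NULL or "" resets to the policy default. */
static int fscreate_set(const char *ctx) {
    int fd = open(FSCREATE, O_WRONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    size_t len = (ctx && *ctx) ? strlen(ctx) + 1 : 0;
    return finish(fd, write(fd, len ? ctx : NULL, len));
}

/* Save, set, create, restore; returns an fd, or -1 with no file left behind. */
int create_labeled(const char *path, const char *ctx, mode_t mode) {
    char prev[4096];
    if (fscreate_get(prev, sizeof prev) < 0 || fscreate_set(ctx) < 0) return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, mode);
    int saved = errno;
    if (fscreate_set(prev) < 0 && fd >= 0) { /* cannot restore: undo, fail */
        close(fd); unlink(path); return -1;
    }
    errno = saved;
    return fd;
}

int main(void) { /* constructed sample path and label */
    return create_labeled("/tmp/fscreate-demo", "system_u:object_r:tmp_t:s0", 0600) < 0;
}
```

       With libselinux available, fscreate_get and fscreate_set correspond to
       getfscreatecon and setfscreatecon. If the label cannot be applied the
       function fails rather than creating the file with the default label.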


SEE ALSO
       freecon(3), getcon(3), getexeccon(3)



russell@coker.com.au		1 January 2004		    getfscreatecon(3)