Unix/Linux Go Back    


CentOS 7.0 - man page for getexeccon (centos section 3)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


getexeccon(3)			    SELinux API documentation			    getexeccon(3)

NAME
       getexeccon,  setexeccon - get or set the SELinux security context used for executing a new
       process

       rpm_execcon - run a helper for rpm in an appropriate security context

SYNOPSIS
       #include <selinux/selinux.h>

       int getexeccon(security_context_t *context);

       int getexeccon_raw(security_context_t *context);

       int setexeccon(security_context_t context);

       int setexeccon_raw(security_context_t context);

       int rpm_execcon(unsigned int verified, const char *filename, char  *const  argv[]  ,  char
       *const envp[]);

DESCRIPTION
       getexeccon()  retrieves	the context used for executing a new process.  This returned con-
       text should be freed with freecon(3) if non-NULL.  getexeccon() sets *context to  NULL  if
       no  exec  context  has  been  explicitly set by the program (i.e. using the default policy
       behavior).

       setexeccon() sets the context used for the next execve(2) call.	NULL  can  be  passed  to
       setexeccon()  to  reset to the default policy behavior.	The exec context is automatically
       reset after the next execve(2), so a program doesn't need to explicitly sanitize  it  upon
       startup.

       setexeccon()  can  be  applied  prior  to  library  functions  that  internally perform an
       execve(2), e.g.	execl*(3), execv*(3), popen(3), in order to set an exec context for  that
       operation.

       getexeccon_raw() and setexeccon_raw() behave identically to their non-raw counterparts but
       do not perform context translation.

       Note: Signal handlers that perform an execve(2) must take care to save, reset, and restore
       the exec context to avoid unexpected behavior.

       rpm_execcon()  runs  a  helper  for  rpm in an appropriate security context.  The verified
       parameter should contain the return code from the signature verification (0 ==  ok,  1  ==
       notfound,  2 == verifyfail, 3 == nottrusted, 4 == nokey), although this information is not
       yet used by the function.  The function determines the proper  security	context  for  the
       helper based on policy, sets the exec context accordingly, and then executes the specified
       filename with the provided argument and environment arrays.

RETURN VALUE
       On error -1 is returned.

       On success getexeccon() and setexeccon()  returns  0.   rpm_execcon()  only  returns  upon
       errors, as it calls execve(2).

SEE ALSO
       selinux(8), freecon(3), getcon(3)

russell@coker.com.au			  1 January 2004			    getexeccon(3)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 01:48 AM.