CentOS 7.0 - man page for getkeycreatecon (centos section 3)
|Linux & Unix Commands - Search Man Pages
getkeycreatecon(3) SELinux API documentation getkeycreatecon(3)
getkeycreatecon, setkeycreatecon - get or set the SELinux security context used for creat-
ing a new kernel keyrings
int getkeycreatecon(security_context_t *con);
int getkeycreatecon_raw(security_context_t *con);
int setkeycreatecon(security_context_t context);
int setkeycreatecon_raw(security_context_t context);
getkeycreatecon() retrieves the context used for creating a new kernel keyring. This
returned context should be freed with freecon(3) if non-NULL. getkeycreatecon() sets *con
to NULL if no keycreate context has been explicitly set by the program (i.e. using the
default policy behavior).
setkeycreatecon() sets the context used for creating a new kernel keyring. NULL can be
passed to setkeycreatecon() to reset to the default policy behavior. The keycreate con-
text is automatically reset after the next execve(2), so a program doesn't need to explic-
itly sanitize it upon startup.
setkeycreatecon() can be applied prior to library functions that internally perform an
file creation, in order to set an file context on the objects.
getkeycreatecon_raw() and setkeycreatecon_raw() behave identically to their non-raw coun-
terparts but do not perform context translation.
Note: Signal handlers that perform a setkeycreatecon() must take care to save, reset, and
restore the keycreate context to avoid unexpected behavior.
Note: Contexts are thread specific.
On error -1 is returned. On success 0 is returned.
selinux(8), freecon(3), getcon(3), getexeccon(3)
email@example.com 9 September 2008 getkeycreatecon(3)
All times are GMT -4. The time now is 12:26 PM.