Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

setexeccon(3) [centos man page]

getexeccon(3)						     SELinux API documentation						     getexeccon(3)

NAME
getexeccon, setexeccon - get or set the SELinux security context used for executing a new process rpm_execcon - run a helper for rpm in an appropriate security context SYNOPSIS
#include <selinux/selinux.h> int getexeccon(security_context_t *context); int getexeccon_raw(security_context_t *context); int setexeccon(security_context_t context); int setexeccon_raw(security_context_t context); int rpm_execcon(unsigned int verified, const char *filename, char *const argv[] , char *const envp[]); DESCRIPTION
getexeccon() retrieves the context used for executing a new process. This returned context should be freed with freecon(3) if non-NULL. getexeccon() sets *context to NULL if no exec context has been explicitly set by the program (i.e. using the default policy behavior). setexeccon() sets the context used for the next execve(2) call. NULL can be passed to setexeccon() to reset to the default policy behav- ior. The exec context is automatically reset after the next execve(2), so a program doesn't need to explicitly sanitize it upon startup. setexeccon() can be applied prior to library functions that internally perform an execve(2), e.g. execl*(3), execv*(3), popen(3), in order to set an exec context for that operation. getexeccon_raw() and setexeccon_raw() behave identically to their non-raw counterparts but do not perform context translation. Note: Signal handlers that perform an execve(2) must take care to save, reset, and restore the exec context to avoid unexpected behavior. rpm_execcon() runs a helper for rpm in an appropriate security context. The verified parameter should contain the return code from the signature verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 == nottrusted, 4 == nokey), although this information is not yet used by the function. The function determines the proper security context for the helper based on policy, sets the exec context accordingly, and then executes the specified filename with the provided argument and environment arrays. RETURN VALUE
On error -1 is returned. On success getexeccon() and setexeccon() returns 0. rpm_execcon() only returns upon errors, as it calls execve(2). SEE ALSO
selinux(8), freecon(3), getcon(3) russell@coker.com.au 1 January 2004 getexeccon(3)

Check Out this Related Man Page

getexeccon(3)						     SELinux API documentation						     getexeccon(3)

NAME
getexeccon, setexeccon - get or set the SELinux security context used for executing a new process rpm_execcon - run a helper for rpm in an appropriate security context SYNOPSIS
#include <selinux/selinux.h> int getexeccon(security_context_t *context); int getexeccon_raw(security_context_t *context); int setexeccon(security_context_t context); int setexeccon_raw(security_context_t context); int rpm_execcon(unsigned int verified, const char *filename, char *const argv[] , char *const envp[]); DESCRIPTION
getexeccon() retrieves the context used for executing a new process. This returned context should be freed with freecon(3) if non-NULL. getexeccon() sets *context to NULL if no exec context has been explicitly set by the program (i.e. using the default policy behavior). setexeccon() sets the context used for the next execve(2) call. NULL can be passed to setexeccon() to reset to the default policy behav- ior. The exec context is automatically reset after the next execve(2), so a program doesn't need to explicitly sanitize it upon startup. setexeccon() can be applied prior to library functions that internally perform an execve(2), e.g. execl*(3), execv*(3), popen(3), in order to set an exec context for that operation. getexeccon_raw() and setexeccon_raw() behave identically to their non-raw counterparts but do not perform context translation. Note: Signal handlers that perform an execve(2) must take care to save, reset, and restore the exec context to avoid unexpected behavior. rpm_execcon() runs a helper for rpm in an appropriate security context. The verified parameter should contain the return code from the signature verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 == nottrusted, 4 == nokey), although this information is not yet used by the function. The function determines the proper security context for the helper based on policy, sets the exec context accordingly, and then executes the specified filename with the provided argument and environment arrays. RETURN VALUE
On error -1 is returned. On success getexeccon() and setexeccon() returns 0. rpm_execcon() only returns upon errors, as it calls execve(2). SEE ALSO
selinux(8), freecon(3), getcon(3) russell@coker.com.au 1 January 2004 getexeccon(3)
Man Page

Featured Tech Videos