Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

matchpathcon(8) [centos man page]

matchpathcon(8) 					SELinux Command Line documentation					   matchpathcon(8)

matchpathcon - get the default SELinux security context for the specified path from the file contexts configuration SYNOPSIS
matchpathcon [-V] [-N] [-n] [-m type] [-f file_contexts_file] [-p prefix] [-P policy_root_path] filepath... DESCRIPTION
matchpathcon queries the system policy and outputs the default security context associated with the filepath. Note: Identical paths can have different security contexts, depending on the file type (regular file, directory, link file, char file ...). matchpathcon will also take the file type into consideration in determining the default security context if the file exists. If the file does not exist, no file type matching will occur. OPTIONS
-m type Force file type for the lookup. Valid types are file, dir, pipe, chr_file, blk_file, lnk_file, sock_file. -n Do not display path. -N Do not use translations. -f file_context_file Use alternate file_context file -p prefix Use prefix to speed translations -P policy_root_path Use alternate policy root path -V Verify file context on disk matches defaults AUTHOR
This manual page was written by Dan Walsh <>. SEE ALSO
selinux(8), matchpathcon(3) 21 April 2005 matchpathcon(8)

Check Out this Related Man Page

matchpathcon(3) 					     SELinux API documentation						   matchpathcon(3)

matchpathcon, matchpathcon_index - get the default SELinux security context for the specified path from the file contexts configuration. SYNOPSIS
#include <selinux/selinux.h> int matchpathcon_init(const char *path); int matchpathcon_init_prefix(const char *path, const char *subset); int matchpathcon_fini(void); int matchpathcon(const char *path, mode_t mode, security_context_t *con); int matchpathcon_index(const char *name, mode_t mode, security_context_t * con); DESCRIPTION
matchpathcon_init loads the file contexts configuration specified by path into memory for use by subsequent matchpathcon calls. If path is NULL, then the active file contexts configuration is loaded by default, i.e. the path returned by selinux_file_context_path(3). Unless the MATCHPATHCON_BASEONLY flag has been set via set_matchpathcon_flags(3), files with the same path prefix but a .homedirs and .local suffix are also looked up and loaded if present. These files provide dynamically generated entries for user home directories and for local cus- tomizations. matchpathcon_init_prefix is the same as matchpathcon_init but only loads entries with regular expressions that have stems prefixed by pre- fix. matchpathcon_fini frees the memory allocated by a prior call to matchpathcon_init. This function can be used to free and reset the inter- nal state between multiple matchpathcon_init calls, or to free memory when finished using matchpathcon. matchpathcon matches the specified pathname and mode against the file contexts configuration and sets the security context con to refer to the resulting context. The caller must free the returned security context con using freecon(3) when finished using it. mode can be 0 to disable mode matching, but should be provided whenever possible, as it may affect the matching. Only the file format bits (i.e. the file type) of the mode are used. If matchpathcon_init has not already been called, then this function will call it upon its first invocation with a NULL path, defaulting to the active file contexts configuration. matchpathcon_index is the same as matchpathcon but returns a specification index that can later be used in a matchpathcon_filespec_add(3) call. RETURN VALUE
Returns zero on success or -1 otherwise. SEE ALSO
selinux(8), set_matchpathcon_flags(3), set_matchpathcon_invalidcon(3), set_matchpathcon_printf(3), matchpathcon_filespec_add(3), matchpath- con_checkmatches(3), freecon(3), setfilecon(3), setfscreatecon(3) 21 November 2009 matchpathcon(3)
Man Page