Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

getcon(3) [sunos man page]

getcon(3)						     SELinux API documentation							 getcon(3)

NAME

       getcon, getprevcon, getpidcon - get SELinux security context of a process.

       freecon, freeconary - free memory associated with SELinux security contexts.

       getpeercon - get security context of a peer socket.

       setcon - set current security context of a process.

SYNOPSIS

       #include <selinux/selinux.h>

       int getcon(security_context_t *context);

       int getprevcon(security_context_t *context);

       int getpidcon(pid_t pid, security_context_t *context);

       int getpeercon(int fd, security_context_t *context);

       void freecon(security_context_t con);

       void freeconary(security_context_t *con);

       int setcon(security_context_t context);

DESCRIPTION

       getcon retrieves the context of the current process, which must be free'd with freecon.

       getprevcon same as getcon but gets the context before the last exec.

       getpidcon returns the process context for the specified PID.

       getpeercon retrieves context of peer socket, and set *context to refer to it, which must be free'd with freecon.

       freecon frees the memory allocated for a security context.

       freeconary frees the memory allocated for a context array.

       If con is NULL, no operation is performed.

       setcon  sets  the current security context of the process to a new value.  Note that use of this function requires that the entire applica-
       tion be trusted to maintain any desired separation between the old and new security contexts, unlike exec-based transitions  performed  via
       setexeccon(3).  When possible, decompose your application and use setexeccon() and execve() instead.

       Since access to file descriptors is revalidated upon use by SELinux, the new context must be explicitly authorized in the policy to use the
       descriptors opened by the old context if that is desired.  Otherwise, attempts by the process to use any  existing  descriptors	(including
       stdin, stdout, and stderr) after performing the setcon() will fail.

       A  multi-threaded  application  can  perform  a	setcon()  prior to creating any child threads, in which case all of the child threads will
       inherit the new context.  However, setcon() will fail if there are any other threads running in the same process.

       If the process was being ptraced at the time of the setcon() operation, ptrace permission will be revalidated against the new  context  and
       the setcon() will fail if it is not allowed by policy.

RETURN VALUE

       On error -1 is returned.  On success 0 is returned.

SEE ALSO

       selinux(8), setexeccon(3)

russell@coker.com.au						 21 December 2011							 getcon(3)

Check Out this Related Man Page

getcon(3)						     SELinux API documentation							 getcon(3)

NAME

       getcon, getprevcon, getpidcon - get SELinux security context of a process.

       freecon, freeconary - free memory associated with SELinux security contexts.

       getpeercon - get security context of a peer socket.

       setcon - set current security context of a process.

SYNOPSIS

       #include <selinux/selinux.h>

       int getcon(security_context_t *context);

       int getprevcon(security_context_t *context);

       int getpidcon(pid_t pid, security_context_t *context);

       int getpeercon(int fd, security_context_t *context);

       void freecon(security_context_t con);

       void freeconary(security_context_t *con);

       int setcon(security_context_t context);

DESCRIPTION

       getcon retrieves the context of the current process, which must be free'd with freecon.

       getprevcon same as getcon but gets the context before the last exec.

       getpidcon returns the process context for the specified PID.

       getpeercon retrieves context of peer socket, and set *context to refer to it, which must be free'd with freecon.

       freecon frees the memory allocated for a security context.

       freeconary frees the memory allocated for a context array.

       If con is NULL, no operation is performed.

       setcon  sets  the current security context of the process to a new value.  Note that use of this function requires that the entire applica-
       tion be trusted to maintain any desired separation between the old and new security contexts, unlike exec-based transitions  performed  via
       setexeccon(3).  When possible, decompose your application and use setexeccon() and execve() instead.

       Since access to file descriptors is revalidated upon use by SELinux, the new context must be explicitly authorized in the policy to use the
       descriptors opened by the old context if that is desired.  Otherwise, attempts by the process to use any  existing  descriptors	(including
       stdin, stdout, and stderr) after performing the setcon() will fail.

       A  multi-threaded  application  can  perform  a	setcon()  prior to creating any child threads, in which case all of the child threads will
       inherit the new context.  However, setcon() will fail if there are any other threads running in the same process.

       If the process was being ptraced at the time of the setcon() operation, ptrace permission will be revalidated against the new  context  and
       the setcon() will fail if it is not allowed by policy.

RETURN VALUE

       On error -1 is returned.  On success 0 is returned.

SEE ALSO

       selinux(8), setexeccon(3)

russell@coker.com.au						 21 December 2011							 getcon(3)
Man Page