selabel_open(3) SELinux API documentation selabel_open(3)NAME
selabel_open, selabel_close - userspace SELinux labeling interface
SYNOPSIS
#include <selinux/selinux.h>
#include <selinux/label.h>
struct selabel_handle *selabel_open(int backend,
struct selinux_opt *options,
unsigned nopt);
void selabel_close(struct selabel_handle *hnd);
DESCRIPTIONselabel_open() is used to initialize a labeling handle to be used for
lookup operations. The backend argument specifies which backend is to
be opened; the list of current backends appears in BACKENDS below.
The options argument should be NULL or a pointer to an array of
selinux_opt structures of length nopt:
struct selinux_opt {
int type;
const char *value;
};
The available option types are described in GLOBAL OPTIONS below as
well as in the documentation for each individual backend. The return
value on success is a non-NULL value for use in subsequent label opera‐
tions.
selabel_close() terminates use of a handle, freeing any internal
resources associated with it. After this call has been made, the han‐
dle must not be used again.
GLOBAL OPTIONS
Global options which may be passed to selabel_open() include the fol‐
lowing:
SELABEL_OPT_UNUSED
The option with a type code of zero is a no-op. Thus an array
of options may be initizalized to zero and any untouched ele‐
ments will not cause an error.
SELABEL_OPT_VALIDATE
A non-null value for this option enables context validation. By
default, security_check_context(3) is used; a custom validation
function can be provided via selinux_set_callback(3). Note that
an invalid context may not be treated as an error unless it is
actually encountered during a lookup operation.
BACKENDS
SELABEL_CTX_FILE
File contexts backend, described in selabel_file(5).
SELABEL_CTX_MEDIA
Media contexts backend, described in selabel_media(5).
SELABEL_CTX_X
X Windows contexts backend, described in selabel_x(5).
SELABEL_CTX_DB
Database objects contexts backend, described in selabel_db(5).
RETURN VALUE
A non-NULL handle value is returned on success. On error, NULL is
returned and errno is set appropriately.
AUTHOR
Eamon Walsh <ewalsh@tycho.nsa.gov>
SEE ALSOselabel_lookup(3), selabel_stats(3), selinux_set_callback(3),
selinux(8)
18 Jun 2007 selabel_open(3)