set_matchpathcon_flags(3) SELinux API documentation set_matchpathcon_flags(3)NAME
set_matchpathcon_flags, set_matchpathcon_invalidcon, set_matchpath‐
con_printf - set flags controlling the operation of matchpathcon or
matchpathcon_index and configure the behaviour of validity checking and
error displaying.
SYNOPSIS
#include <selinux/selinux.h>
void set_matchpathcon_flags(unsigned int flags);
void set_matchpathcon_invalidcon(int (*f)(const char *path, unsigned
lineno, char * context));
void set_matchpathcon_printf(void (*f)(const char *fmt, ...));
DESCRIPTIONset_matchpathcon_flags sets the flags controlling the operation of
matchpathcon_init and subsequently matchpathcon_index or matchpathcon.
If the MATCHPATHCON_BASEONLY flag is set, then only the base file con‐
texts configuration file will be processed, not any dynamically gener‐
ated entries or local customizations.
set_matchpathcon_invalidcon sets the function used by matchpathcon_init
when checking the validity of a context in the file contexts configura‐
tion. If not set, then this defaults to a test based on secu‐
rity_check_context(3), which checks validity against the active policy
on a SELinux system. This can be set to instead perform checking based
on a binary policy file, e.g. using sepol_check_context(3), as is done
by setfiles -c. The function is also responsible for reporting any
such error, and may include the path and lineno in such error messages.
set_matchpathcon_printf sets the function used by matchpathcon_init
when displaying errors about the file contexts configuration. If not
set, then this defaults to fprintf(stderr, fmt, ...). This can be set
to redirect error reporting to a different destination.
RETURN VALUE
Returns zero on success or -1 otherwise.
SEE ALSOselinux(8), matchpathcon(3), matchpathcon_index(3), set_matchpath‐
con_invalidcon(3), set_matchpathcon_printf(3), freecon(3), setfile‐
con(3), setfscreatecon(3)sds@tycho.nsa.gov 21 November 2009 set_matchpathcon_flags(3)