getkeycreatecon_raw(category27-allgemeinwissen.html) - phpMan

getkeycreatecon(3)         SELinux API documentation        getkeycreatecon(3)

NAME
       getkeycreatecon, setkeycreatecon - get or set the SELinux security con-
       text used for creating a new kernel keyrings
SYNOPSIS
       #include <selinux/selinux.h>
       int getkeycreatecon(char **con);
       int getkeycreatecon_raw(char **con);
       int setkeycreatecon(char * context);
       int setkeycreatecon_raw(char * context);
DESCRIPTION
       getkeycreatecon() retrieves the context used for creating a new  kernel
       keyring.  This returned context should be freed with freecon(3) if non-
       NULL.  getkeycreatecon() sets *con to NULL if no keycreate context  has
       been  explicitly  set  by  the  program  (i.e. using the default policy
       behavior).
       setkeycreatecon() sets the context  used  for  creating  a  new  kernel
       keyring.   NULL  can  be  passed  to  setkeycreatecon() to reset to the
       default policy behavior.  The keycreate context is automatically  reset
       after the next execve(2), so a program doesn't need to explicitly sani-
       tize it upon startup.
       setkeycreatecon() can be applied prior to library functions that inter-
       nally  perform an file creation, in order to set an file context on the
       objects.
       getkeycreatecon_raw() and setkeycreatecon_raw() behave  identically  to
       their non-raw counterparts but do not perform context translation.
       Note:  Signal  handlers that perform a setkeycreatecon() must take care
       to save, reset, and restore the keycreate context to  avoid  unexpected
       behavior.
       Note: Contexts are thread specific.
RETURN VALUE
       On error -1 is returned.  On success 0 is returned.
SEE ALSO
       selinux(8), freecon(3), getcon(3), getexeccon(3)

dwalsh AT redhat.com              9 September 2008             getkeycreatecon(3)