getfilecon(3) SELinux API documentation getfilecon(3)
NAME
getfilecon, fgetfilecon, lgetfilecon - get SELinux security context of
a file
SYNOPSIS
#include <selinux/selinux.h>
int getfilecon(const char *path, char **con);
int getfilecon_raw(const char *path, char **con);
int lgetfilecon(const char *path, char **con);
int lgetfilecon_raw(const char *path, char **con);
int fgetfilecon(int fd, char **con);
int fgetfilecon_raw(int fd, char **con);
DESCRIPTION
getfilecon() retrieves the context associated with the given path in
the file system, the length of the context is returned. The context
should not be used in selinux_access_check as this function can return
a cached value, which is not suitable for access checking. It should
only be used to print translated value to the user.
lgetfilecon() is identical to getfilecon(), except in the case of a
symbolic link, where the link itself is interrogated, not the file that
it refers to.
fgetfilecon() is identical to getfilecon(), only the open file pointed
to by filedes (as returned by open(2)) is interrogated in place of
path.
getfilecon_raw(), lgetfilecon_raw() and fgetfilecon_raw() behave iden-
tically to their non-raw counterparts but do not perform context trans-
lation.
The returned context should be freed with freecon(3) if non-NULL.
RETURN VALUE
On success, a positive number is returned indicating the size of the
extended attribute value. On failure, -1 is returned and errno is set
appropriately.
If the context does not exist, or the process has no access to this
attribute, errno is set to ENODATA.
If extended attributes are not supported by the filesystem, or are dis-
abled, errno is set to ENOTSUP.
The errors documented for the stat(2) system call are also applicable
here.
SEE ALSO
selinux(8), freecon(3), setfilecon(3), setfscreatecon(3)
russell AT coker.au 1 January 2004 getfilecon(3)
Linux-Distributionen
Huschi als Linux-Admin