selabel_media(category31-clients.html) - phpMan

selabel_media(5)           SELinux API documentation          selabel_media(5)

NAME
       selabel_media  - userspace SELinux labeling interface and configuration
       file format for the media contexts backend
SYNOPSIS
       #include <selinux/label.h>
       int selabel_lookup(struct selabel_handle *hnd,
                          char **context,
                          const char *device_name, int unused);
       int selabel_lookup_raw(struct selabel_handle *hnd,
                          char **context,
                          const char *device_name, int unused);
DESCRIPTION
       The media contexts backend maps from media device names such as "cdrom"
       or  "floppy" into security contexts. It is used to find the appropriate
       context for establishing context mounts on these devices. The  returned
       context must be freed using freecon(3).
       selabel_lookup(3)  describes  the  function  with  its return and error
       codes.
       The integer lookup argument is currently unused and should  be  set  to
       zero.
       Any  messages  generated  by  selabel_lookup(3)  are  sent to stderr by
       default, although this can be changed by selinux_set_callback(3).
       selabel_lookup_raw(3) behaves identically to selabel_lookup(3) but does
       not perform context translation.
       The FILES section details the configuration files used to determine the
       media context.
OPTIONS
       In addition to the global options described  in  selabel_open(3),  this
       backend recognizes the following options:
       SELABEL_OPT_PATH
              A non-null value for this option specifies a path to a file that
              will be opened in lieu of the standard media contexts file.
FILES
       The media context file used to retrieve a default  context  depends  on
       the SELABEL_OPT_PATH parameter passed to selabel_open(3). If NULL, then
       the SELABEL_OPT_PATH value will default to the active policy media con-
       texts  location  (as returned by selinux_media_context_path(3)), other-
       wise the actual SELABEL_OPT_PATH value specified is used.
       The default media contexts file is:
              /etc/selinux/{SELINUXTYPE}/contexts/files/media
       Where {SELINUXTYPE} is the entry from the  selinux  configuration  file
       config (see selinux_config(5)).
FILE FORMAT
       Each line within the media file is as follows:
              device_name context
       Where:
              device_name
                     The media identifier (e.g. cdrom, floppy, disk and usb).
              context
                     The context to be used for labeling the device.
       Example:
              # contexts/files/media
              cdrom system_u:object_r:removable_device_t
              floppy system_u:object_r:removable_device_t
              disk system_u:object_r:fixed_disk_device_t
NOTES
       If  contexts  are  to  be  validated,  then  the  global  option  SELA-
       BEL_OPT_VALIDATE must be set before calling selabel_open(3). If this is
       not set, then it is possible for an invalid context to be returned.
SEE ALSO
       selinux(8), selabel_open(3), selabel_lookup(3), selabel_stats(3),
       selabel_close(3), selinux_set_callback(3),
       selinux_media_context_path(3), freecon(3), selinux_config(5)

Security Enhanced Linux           29 Nov 2011                 selabel_media(5)