selinux_restorecon_xattr(3) — Linux manual page


selinux_restorecon_xattr(3)   SELinux API documentation   selinux_restorecon_xattr(3)

NAME

       selinux_restorecon_xattr  -  manage  default security.sehash extended
       attribute entries  added  by  selinux_restorecon(3),  setfiles(8)  or
       restorecon(8).

SYNOPSIS

       #include <selinux/restorecon.h>

       int selinux_restorecon_xattr(const char *pathname,
                              unsigned int xattr_flags,
                              struct dir_xattr ***xattr_list);

DESCRIPTION

       selinux_restorecon_xattr() returns a linked list of dir_xattr
       structures containing information described below based on:

              pathname containing a directory tree to be searched for
              security.sehash extended attribute entries.

              xattr_flags contains options as follows:

                     SELINUX_RESTORECON_XATTR_RECURSE recursively descend
                     directories.

                     SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS delete
                     non-matching digests from each directory in pathname.

                     SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS delete all
                     digests from each directory in pathname.

                     SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS do not read
                     /proc/mounts to obtain a list of non-seclabel mounts to
                     be excluded from the search.
                     Setting SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS is
                     useful where a non-seclabel filesystem is mounted and a
                     seclabel filesystem is mounted on a directory below it.

              xattr_list is the returned pointer to a linked list of
              dir_xattr structures, each containing the following
              information:

                     struct dir_xattr {
                         char *directory;
                         char *digest;    /* Printable hex encoded string */
                         enum digest_result result;
                         struct dir_xattr *next;
                     };

              The result entry is enumerated as follows:
                     enum digest_result {
                         MATCH = 0,
                         NOMATCH,
                         DELETED_MATCH,
                         DELETED_NOMATCH,
                         ERROR
                     };

              xattr_list must be set to NULL before calling
              selinux_restorecon_xattr(3).  The caller is responsible for
              freeing the returned xattr_list entries in the linked list.

       See the NOTES section for more information.
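
Added example (not part of the manual page or the SELinux project's code): a caller that passes a NULL-initialised xattr_list, tallies the digest_result values and frees every entry. It assumes the head of the list is `*xattr_list` and that `directory` and `digest` are released with free(); `tally_and_free`, `push` and the `USE_LIBSELINUX` build macro are hypothetical names, and the sample entries are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef USE_LIBSELINUX   /* real build: cc -DUSE_LIBSELINUX audit.c -lselinux */
#include <selinux/restorecon.h>
#else                   /* offline build: definitions copied from this page */
enum digest_result { MATCH = 0, NOMATCH, DELETED_MATCH, DELETED_NOMATCH, ERROR };
struct dir_xattr { char *directory, *digest; enum digest_result result; struct dir_xattr *next; };
#endif

/* Count entries per result into counts[5], free the list, return NOMATCH + ERROR.
 * Assumption: directory and digest are malloc'd strings released with free(). */
unsigned tally_and_free(struct dir_xattr *head, unsigned counts[5])
{
    memset(counts, 0, 5 * sizeof counts[0]);
    for (struct dir_xattr *next; head; head = next) {
        next = head->next;
        if ((unsigned)head->result <= ERROR) counts[head->result]++;
        if (head->result == NOMATCH || head->result == ERROR)
            fprintf(stderr, "review %s\n", head->directory);
        free(head->directory); free(head->digest); free(head);
    }
    return counts[NOMATCH] + counts[ERROR];
}

/* Hypothetical helper: prepend one constructed entry (offline demo and tests). */
struct dir_xattr *push(struct dir_xattr *head, const char *dir, const char *hex, int r)
{
    struct dir_xattr *e = malloc(sizeof *e);
    char *d = malloc(strlen(dir) + 1), *h = malloc(strlen(hex) + 1);
    if (!e || !d || !h) abort();
    e->directory = strcpy(d, dir); e->digest = strcpy(h, hex);
    e->result = r; e->next = head;
    return e;
}

int main(int argc, char **argv)
{
    unsigned c[5];
#ifdef USE_LIBSELINUX
    struct dir_xattr **list = NULL;             /* must be NULL before the call */
    if (selinux_restorecon_xattr(argc > 1 ? argv[1] : ".",
            SELINUX_RESTORECON_XATTR_RECURSE, &list) < 0) return 2; /* errno is set */
    struct dir_xattr *head = list ? *list : NULL;  /* assumption: *list is the head */
#else
    struct dir_xattr *head = push(push(NULL, "/srv/a", "aa11", MATCH), "/srv/b", "bb22", NOMATCH);
#endif
    return tally_and_free(head, c) != 0;        /* exit 1 if any directory needs review */
}
```

Only SELINUX_RESTORECON_XATTR_RECURSE is passed, so neither delete flag is set and no digests are deleted.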

RETURN VALUE

       On success, zero is returned.  On error, -1 is returned and errno is
       set appropriately.

NOTES

       1.  By default selinux_restorecon_xattr(3) will use the default set
           of specfiles described in file_contexts(5) to calculate the SHA1
           digests to be used for comparison.  To change this default
           behavior selabel_open(3) must be called specifying the required
           SELABEL_OPT_PATH and setting the SELABEL_OPT_DIGEST option to a
           non-NULL value.  selinux_restorecon_set_sehandle(3) is then
           called to set the handle to be used by
           selinux_restorecon_xattr(3).

       2.  By default selinux_restorecon_xattr(3) reads /proc/mounts to
           obtain a list of non-seclabel mounts to be excluded from searches
           unless the SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS flag has been
           set.

       3.  RAMFS and TMPFS filesystems do not support the security.sehash
           extended attribute and are automatically excluded from searches.

       4.  By default stderr is used to log output messages and errors. This
           may be changed by calling selinux_set_callback(3) with the
           SELINUX_CB_LOG type option.

SEE ALSO

       selinux_restorecon(3),
       selinux_restorecon_set_sehandle(3),
       selinux_restorecon_default_handle(3),
       selinux_restorecon_set_exclude_list(3),
       selinux_restorecon_set_alt_rootpath(3),
       selinux_set_callback(3)

COLOPHON

       This page is part of the selinux (Security-Enhanced Linux user-space
       libraries and tools) project.  Information about the project can be
       found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩.  If you
       have a bug report for this manual page, see
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩.  This
       page was obtained from the project's upstream Git repository
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2020-06-09.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2020-06-04.)  If you discover any rendering problems in
       this HTML version of the page, or you believe there is a better or
       more up-to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not part
       of the original manual page), send a mail to man-pages@man7.org.

                                30 July 2016     selinux_restorecon_xattr(3)
