
getexeccon(3)              SELinux API documentation             getexeccon(3)



NAME
       getexeccon, setexeccon - get or set the SELinux security context used for executing a new process.

       rpm_execcon - run a helper for rpm in an appropriate security context


SYNOPSIS
       #include <selinux/selinux.h>

       int getexeccon(security_context_t *context);

       int setexeccon(security_context_t context);

       int rpm_execcon(unsigned int verified, const char *filename, char *const argv[], char *const envp[]);


DESCRIPTION
       getexeccon  retrieves the context used for executing a new process.  The returned context should be freed with
       freecon if non-NULL.  getexeccon sets *context to NULL if no exec context has been explicitly set by the program
       (i.e. using the default policy behavior).

       setexeccon  sets  the  context used for the next execve call.  NULL can be passed to setexeccon to reset to the
       default policy behavior.  The exec context is automatically reset after the next execve, so a  program  doesn't
       need to explicitly sanitize it upon startup.


       setexeccon  can  be  applied prior to library functions that internally perform an execve, e.g. execl*, execv*,
       popen, in order to set an exec context for that operation.


       Note: Signal handlers that perform an execve must take care to save, reset, and restore  the  exec  context  to
       avoid unexpected behavior.
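
       Added example (not part of the original man page or of libselinux): the save, reset, and restore sequence
       from the Note above, wrapped around any code that ends in an execve.  The names run_with_default_execcon,
       execcon_is and WITH_LIBSELINUX are hypothetical, and the context string in the usage comment is constructed;
       security_context_t is a typedef for char *, so the plain char * types below match the SYNOPSIS.

```c
/* Build against libselinux:  cc -DWITH_LIBSELINUX demo.c -lselinux
 * Without the flag, constructed in-memory stand-ins replace the three calls
 * so the save/reset/restore logic runs on a host without SELinux. */
#include <stdlib.h>
#include <string.h>
#ifdef WITH_LIBSELINUX
#include <selinux/selinux.h>
#else
static char *fake_exec;            /* stand-in for the stored exec context */
static char *dup_ctx(const char *s) { char *d = malloc(strlen(s) + 1); return d ? strcpy(d, s) : NULL; }
static int getexeccon(char **c) {
    *c = fake_exec ? dup_ctx(fake_exec) : NULL;
    return (fake_exec && !*c) ? -1 : 0;
}
static int setexeccon(const char *c) {
    char *n = c ? dup_ctx(c) : NULL;
    if (c && !n) return -1;
    free(fake_exec);
    fake_exec = n;
    return 0;
}
static void freecon(char *c) { free(c); }
#endif

/* Hypothetical probe: 1 if the exec context equals expected (NULL = none set). */
int execcon_is(void *expected) {
    char *c = NULL;
    if (getexeccon(&c) < 0) return -1;
    int same = (c && expected) ? strcmp(c, expected) == 0 : (!c && !expected);
    if (c) freecon(c);
    return same;
}

/* Run fn (code ending in an execve, e.g. fork + execv of a helper) under the
 * default policy behavior, then put back the exec context that was in effect.
 * Returns fn's result, or -1 if the context could not be saved/reset/restored. */
int run_with_default_execcon(int (*fn)(void *), void *arg) {
    char *saved = NULL;
    if (getexeccon(&saved) < 0) return -1;     /* save; NULL = none was set */
    if (setexeccon(NULL) < 0) {                /* reset to default behavior */
        if (saved) freecon(saved);
        return -1;
    }
    int rc = fn(arg);
    int restored = setexeccon(saved);          /* restore; NULL keeps default */
    if (saved) freecon(saved);
    return restored < 0 ? -1 : rc;
}
```

       Passing execcon_is with a NULL argument as fn confirms that no exec context is set at the point where the
       execve would run, while the caller's own setting is back in place once the wrapper returns.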


       rpm_execcon  runs  a  helper for rpm in an appropriate security context.  The verified parameter should contain
       the return code from the signature verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 == nottrusted, 4 ==
       nokey), although this information is not yet used by the function.  The function determines the proper security
       context for the helper based on policy, sets the exec context accordingly,  and  then  executes  the  specified
       filename with the provided argument and environment arrays.



RETURN VALUE
       On error -1 is returned.

       On success getexeccon and setexeccon return 0.  rpm_execcon only returns upon errors, as it calls execve(2).


SEE ALSO
       selinux(8), freecon(3), getcon(3)





russellATcoker.au            1 January 2004                   getexeccon(3)