set_matchpathcon_invalidcon (3)

NAME

set_matchpathcon_flags, set_matchpathcon_invalidcon, set_matchpathcon_printf - set flags controlling the operation of matchpathcon or matchpathcon_index and configure the behaviour of validity checking and error displaying

SYNOPSIS

#include <selinux/selinux.h>

void set_matchpathcon_flags(unsigned int flags);

void set_matchpathcon_invalidcon(int (*f)(const char *path, unsigned lineno, char *context));

void set_matchpathcon_printf(void (*f)(const char *fmt, ...));

DESCRIPTION

set_matchpathcon_flags() sets the flags controlling the operation of matchpathcon_init(3) and subsequently matchpathcon_index(3) or matchpathcon(3). If the MATCHPATHCON_BASEONLY flag is set, then only the base file contexts configuration file will be processed, not any dynamically generated entries or local customizations.

set_matchpathcon_invalidcon() sets the function used by matchpathcon_init(3) when checking the validity of a context in the file contexts configuration. If not set, then this defaults to a test based on security_check_context(3), which checks validity against the active policy on a SELinux system. This can be set to instead perform checking based on a binary policy file, e.g. using sepol_check_context(3), as is done by setfiles -c. The function is also responsible for reporting any such error, and may include the path and lineno in such error messages.

set_matchpathcon_printf() sets the function used by matchpathcon_init(3) when displaying errors about the file contexts configuration. If not set, then this defaults to fprintf(stderr, fmt, ...). This can be set to redirect error reporting to a different destination.

RETURN VALUE

Returns zero on success or -1 otherwise.

SEE ALSO

selinux(8), matchpathcon(3), matchpathcon_index(3), set_matchpathcon_invalidcon(3), set_matchpathcon_printf(3), freecon(3), setfilecon(3), setfscreatecon(3)