.TH "getkeycreatecon" "3" "9 September 2008" "dwalsh@redhat.com" "SELinux API documentation"
.SH "NAME"
getkeycreatecon, setkeycreatecon \- get or set the SELinux security context used for creating a new kernel keyring
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.BI "int getkeycreatecon(char **" con );
.sp
.BI "int getkeycreatecon_raw(char **" con );
.sp
.BI "int setkeycreatecon(char *" context );
.sp
.BI "int setkeycreatecon_raw(char *" context );
.
.SH "DESCRIPTION"
.BR getkeycreatecon ()
retrieves the context used for creating a new kernel keyring.
This returned context should be freed with
.BR freecon (3)
if non-NULL.
.BR getkeycreatecon ()
sets *con to NULL if no keycreate context has been explicitly
set by the program (i.e. using the default policy behavior).
.BR setkeycreatecon ()
sets the context used for creating a new kernel keyring.
NULL can be passed to
.BR setkeycreatecon ()
to reset to the default policy behavior.
The keycreate context is automatically reset after the next
.BR execve (2),
so a program doesn't need to explicitly sanitize it upon startup.
.BR setkeycreatecon ()
can be applied prior to library
functions that internally perform a file creation,
in order to set a file context on the objects.
.BR getkeycreatecon_raw ()
and
.BR setkeycreatecon_raw ()
behave identically to their non-raw counterparts but do not perform context
translation.
.B Note:
Signal handlers that perform a
.BR setkeycreatecon ()
must take care to
save, reset, and restore the keycreate context to avoid unexpected behavior.
.br
.B Note:
Contexts are thread specific.
.
.SH "RETURN VALUE"
On error \-1 is returned.
On success 0 is returned.
.
.SH "SEE ALSO"
.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"