Section: C Library Functions (3)
Updated: 08 March 2011
Return to Main Contents
selinux_file_context_verify - Compare the SELinux security context on disk to the default security context required by the policy file contexts file
int selinux_file_context_verify(const char *path, mode_t mode);
compares the context of the specified
that is held on disk (in the extended attribute), to the system default entry held in the file contexts series of files.
may be zero.
Note that the two contexts are compared for "significant" differences (i.e. the user component of the contexts are ignored) as shown in the
If the contexts significantly match, 1 (one) is returned.
If the contexts do not match 0 (zero) is returned and
is set to either
for the reasons listed in the
section, or if
= 0 then the contexts did not match.
On failure -1 is returned and
if extended attributes are not supported by the file system.
if there is no entry in the file contexts series of files or
does not exist.
if the entry in the file contexts series of files or
are invalid, or the returned context fails validation.
if attempt to allocate memory failed.
The following configuration files (the file contexts series of files) supporting the active policy will be used (should they exist) to determine the
- This file must exist.
- If exists has local customizations.
- If exists has users home directory customizations.
- If exists has substitutions that are then applied to the 'in memory' version of the file contexts files.
If the files context is:
and the default context defined in the file contexts file is:
then the actual strings compared are:
:object_r:admin_home_t:s0 and :object_r:admin_home_t:s0
Therefore they will match and
will return 1.
- RETURN VALUE
- SEE ALSO
This document was created by
using the manual pages.
Time: 17:43:36 GMT, January 17, 2018