Hey Emacs! This file is -*- nroff -*- source.
Author: Eamon Walsh (ewalsh (at] tycho.nsa.gov) 2007
<gammaray (at] basealt.ru>.
Author: Eamon Walsh (ewalsh (at] tycho.nsa.gov) 2007
"selabel_file" "5" "01 2011" "Security Enhanced Linux" " API SELinux"
""
selabel_file - SELinux
.
""
#include <selinux/label.h> "int selabel_lookup(struct selabel_handle *" hnd , "char **" context , "const char *" path ", int " mode ");" "int selabel_lookup_raw(struct selabel_handle *" hnd , "char **" context , "const char *" path ", int " mode ");" .
""
'/' . . context freecon(3).
selabel_lookup(3) . , errno :
ENOENT , path mode, - , <<none>> path (. ). path , . mode , lstat(2). mode , , , . , selabel_lookup(3), stderr. selinux_set_callback(3). selabel_lookup_raw (3) selabel_lookup(3), . , . .
""
,
selabel_open (3), :
SELABEL_OPT_PATH , null, , . .
SELABEL_OPT_BASEONLY null , .
SELABEL_OPT_SUBSET null , , "/etc". , . , , , , . ( ), file_contexts.bin. .
""
, , SELABEL_OPT_PATH, selabel_open(3). NULL, SELABEL_OPT_PATH ( selinux_file_context_path(3)), SELABEL_OPT_PATH.
SELABEL_OPT_BASEONLY , :
"1." 4
- SELABEL_OPT_PATH.value, ( NULL) , selinux_file_context_path(3).
"2." 4
( ), ' ' .
, , .subs .subs_dist.
SELABEL_OPT_BASEONLY , :
"1." 4
, SELABEL_OPT_PATH.value, ( NULL) , selinux_file_context_path(3).
"2." 4
, , , .local.
selinux_file_context_local_path(3) .
"3." 4
, , , .homedirs.
selinux_file_context_homedir_path(3) .
"4." 4
( ), ' ' ( .local / .homedirs, ). , , .subs .subs_dist.
selinux_file_context_subs_path(3) selinux_file_context_subs_dist_path(3) .
:
/etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.local /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.homedirs /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.subs /etc/selinux/{SELINUXTYPE}/contexts/files/file_contexts.subs_dist
{SELINUXTYPE} - selinux config (. selinux_config(5)).
file_contexts, .
.
.
" "
" "
file_contexts (.local .homedirs) :
pathname [file_type] context
:
pathname
, .
file_type
, :
-b - - -c - -
-d - -p -
-l - -s -
-- -
context
:
"a." 4
, ( context).
"b." 4
<<none>> , , , selabel_lookup(3) -1 errno ENOENT.
:
# ./contexts/files/file_contexts
# pathname file_type context
/.* system_u:object_r:default_t:s0
/[^/]+ -- system_u:object_r:etc_runtime_t:s0
/tmp/.* <<none>>
" "
(.subs .subs_dist) :
subs_pathname pathname
:
pathname
, .
subs_pathname
, ( ).
:
# ./contexts/files/file_contexts.subs
# pathname subs_pathname
/myweb /var/www
/myspool /var/spool/mail
: selabel_lookup(3) /myweb/index.html, /myweb
/var/www, :
/var/www/index.html
.
""
"1." 4
, SELABEL_OPT_VALIDATE selabel_open(3). , .
"2." 4
, selabel_open(3) ( ) .
"3." 4
SELinux file_contexts.template, .
, file_contexts, HOME_ROOT, HOME_DIR, ROLE USER. semodule(8) genhomedircon(8).
.
" "
.ad l
.nh
selinux "(8), " selabel_open "(3), " selabel_lookup "(3), " selabel_stats "(3), " selabel_close "(3), " selinux_set_callback "(3), " selinux_file_context_path "(3), " freecon "(3), " selinux_config "(5), " lstat "(2), "selinux_file_context_subs_path "(3), " selinux_file_context_subs_dist_path "(3), " selinux_file_context_homedir_path "(3), "selinux_file_context_local_path "(3), " semodule "(8), " genhomedircon "(8) "
