Lines Matching full:file
1 .\" Hey Emacs! This file is -*- nroff -*- source.
6 selabel_file \- userspace SELinux labeling interface and configuration file format for the file contexts backend
25 The file contexts backend maps from pathname/mode combinations into security contexts. It is used to find the appropriate context for each file when relabeling a file system. The returned \fIcontext\fR must be freed using \fBfreecon\fR(3).
27 \fBselabel_lookup\fR(3) describes the function with its return and error codes, however the following \fIerrno\fR is clarified further for the file contexts backend:
31 No context corresponding to the \fIpath\fR and \fImode\fR was found - This will also be returned when the file contexts series of files have a context of \fB<<none>>\fR against the \fIpath\fR (see the \fBFILE FORMAT\fR section).
34 The \fIpath\fR argument should be set to the full pathname of the file whose assigned context is being checked. The \fImode\fR argument should be set to the mode bits of the file, as determined by \fBlstat\fR(2). \fImode\fR may be zero, however full matching may not occur.
43 The \fBFILES\fR section details the configuration files used to determine a file context.
52 A non-null value for this option specifies a path to a file that will be opened in lieu of the standard file contexts file. This value is also used as the base name for determining the names of local customization files.
55 A non-null value for this option indicates that any local customizations to the file contexts mapping should be ignored.
58 A non-null value for this option is interpreted as a path prefix, for example "/etc". Only file context specifications starting with the given prefix are loaded. This may increase lookup performance, however any attempt to look up a path not starting with the given prefix will fail.
62 The file context files used to retrieve the default context depends on the \fBSELABEL_OPT_PATH\fR parameter passed to \fBselabel_open\fR(3). If \fINULL\fR, then the \fBSELABEL_OPT_PATH\fR value will default to the active policy file contexts location (as returned by \fBselinux_file_context_path\fR(3)), otherwise the actual \fBSELABEL_OPT_PATH\fR value specified is used.
67 The mandatory file contexts file that is either the fully qualified file name from \fISELABEL_OPT_PATH.value\fR or if \fINULL\fR, then the path returned by \fBselinux_file_context_path\fR(3).
69 The optional local and distribution substitution files that perform path aliasing on the 'in memory' version of the file contexts file.
71 These files have the same name as the mandatory file contexts file with the extensions \fI.subs\fR and \fI.subs_dist\fR added.
77 The mandatory file contexts file that is either the fully qualified file name from \fISELABEL_OPT_PATH.value\fR or if \fINULL\fR, then the path returned by \fBselinux_file_context_path\fR(3).
79 The optional local customizations file that has the same name as the mandatory file contexts file with the extension \fI.local\fR added.
81 \fBselinux_file_context_local_path\fR(3) will return the default path to this file.
83 The optional user home directory customizations file that has the same name as the mandatory file contexts file with the extension \fI.homedirs\fR added.
85 \fBselinux_file_context_homedir_path\fR(3) will return the default path to this file.
87 The optional local and distribution substitution files that perform any path aliasing on the 'in memory' version of the file contexts file (and the \fI.local\fR and/or \fI.homedirs\fR if present). These files have the same name as the mandatory file contexts file with the extensions \fI.subs\fR and \fI.subs_dist\fR added.
92 The default file context series of files are:
105 Where \fI{SELINUXTYPE}\fR is the entry from the selinux configuration file \fIconfig\fR (see \fBselinux_config\fR(5)).
107 Only the \fIfile_contexts\fR file is mandatory, the remainder are optional.
109 The entries within the file contexts series of files are shown in the \fBFILE FORMAT\fR section.
111 .SH "FILE FORMAT"
113 .SH "File Contexts Format"
130 An optional file type consisting of:
138 \fI\-\-\fR - Ordinary file
146 The security context that will be assigned to the file (i.e. returned as \fIcontext\fR).
166 .SH "Substitution File Format"
177 A path that matches an entry in one or more of the file contexts policy configuration file.
208 If the size of file contexts series of files contain many entries, then \fBselabel_open\fR(3) may have a delay as it reads in the files, and if
211 Depending on the version of SELinux it is possible that a \fIfile_contexts.template\fR file may also be present, however this is now deprecated.
213 The template file has the same format as the \fIfile_contexts\fR file and may also contain the keywords \fBHOME_ROOT\fR, \fBHOME_DIR\fR, \fBROLE\fR and \fBUSER\fR. This functionality has now been moved to the policy store and managed by \fBsemodule\fR(8) and \fBgenhomedircon\fR(8).
