getfscreatecon(3) SE Linux API documentation getfscreatecon(3)
NAME
getfscreatecon, setfscreatecon - get or set the SE Linux security context used for
creating a new file system object.
SYNOPSIS
#include <selinux/selinux.h>
int getfscreatecon(security_context_t *con);
int setfscreatecon(security_context_t context);
DESCRIPTION
getfscreatecon retrieves the context used for creating a new file system object. This
returned context should be freed with freecon if non-NULL. getfscreatecon sets *con to
NULL if no fscreate context has been explicitly set by the program (i.e. using the default
policy behavior).
setfscreatecon sets the context used for creating a new file system object. NULL can be
passed to setfscreatecon to reset to the default policy behavior. The fscreate context is
automatically reset after the next execve, so a program doesn't need to explicitly
sanitize it upon startup.
setfscreatecon can be applied prior to library functions that internally perform a file
creation, in order to set a file context on the objects.
Note: Signal handlers that perform a setfscreatecon must take care to save, reset, and
restore the fscreate context to avoid unexpected behaviors.
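The save, set, and restore sequence the note above calls for, as an added example that is not part of the original manual page or of libselinux. The ops table is an assumption made so the block runs without SELinux: ctx_t, fscreate_ops, with_fscreatecon, current_ctx, probe and the fake_* helpers are hypothetical names, and in real code the three pointers would be getfscreatecon, setfscreatecon and freecon as declared in the SYNOPSIS.

```c
#include <stdlib.h>
#include <string.h>
typedef char *ctx_t;              /* same shape as security_context_t */
struct fscreate_ops {             /* real code: the three libselinux calls */
    int  (*get)(ctx_t *con);      /* getfscreatecon */
    int  (*set)(ctx_t con);       /* setfscreatecon */
    void (*release)(ctx_t con);   /* freecon */
};

/* Run create() with the fscreate context set to ctx, then put back whatever
 * was set before (NULL means default policy), even when create() fails. */
int with_fscreatecon(const struct fscreate_ops *ops, ctx_t ctx,
                     int (*create)(void *), void *arg)
{
    ctx_t saved = NULL;
    if (ops->get(&saved) < 0)     /* save; saved stays NULL if none was set */
        return -1;
    if (ops->set(ctx) < 0) {      /* nothing changed, so nothing to restore */
        if (saved) ops->release(saved);
        return -1;
    }
    int rc = create(arg);         /* e.g. a library call that creates a file */
    if (ops->set(saved) < 0)      /* a context left behind is an error too */
        rc = -1;
    if (saved) ops->release(saved);
    return rc;
}

/* Constructed in-memory fakes so the block runs without SELinux. */
static char *slot;                /* stands in for the fscreate attribute */
static char *dup_ctx(const char *s) {
    char *d = s ? malloc(strlen(s) + 1) : NULL;
    return d ? strcpy(d, s) : NULL;
}
static int fake_get(ctx_t *con) { *con = dup_ctx(slot); return 0; }
static int fake_set(ctx_t con) {
    char *next = dup_ctx(con);
    if (con && !next) return -1;
    free(slot); slot = next;
    return 0;
}
static void fake_free(ctx_t con) { free(con); }
const struct fscreate_ops fake_ops = { fake_get, fake_set, fake_free };
const char *current_ctx(void) { return slot ? slot : "(default)"; }
int probe(void *seen) {           /* fake creation; NULL arg means it failed */
    if (!seen) return -1;
    strcpy(seen, current_ctx());
    return 0;
}
```

Because the wrapper restores the saved value rather than always passing NULL, a caller that had already set an fscreate context gets it back unchanged.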
RETURN VALUE
On error -1 is returned.
On success getfscreatecon returns the length of the context (not including the trailing
zero byte). On success setfscreatecon returns 0.
SEE ALSO
freecon(3), getcon(3), getexeccon(3)
1 January 2004 getfscreatecon(3)