HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |SYNOPSIS |DESCRIPTION |RETURN VALUE |SEE ALSO |COLOPHON | |
matchpathcon(3) SELinux API documentationmatchpathcon(3)matchpathcon, matchpathcon_index - get the default SELinux security context for the specified path from the file contexts configuration
#include <selinux/selinux.h>int matchpathcon_init(const char *path);int matchpathcon_init_prefix(const char *path, const char*prefix);int matchpathcon_fini(void);int matchpathcon(const char *path, mode_tmode, char **con);int matchpathcon_index(const char *name, mode_tmode, char **con);
This family of functions is deprecated. For new code, please useselabel_open(3) with theSELABEL_CTX_FILEbackend in place ofmatchpathcon_init(), useselabel_close(3) in place ofmatchpathcon_fini(), and useselabel_lookup(3) in place ofmatchpathcon(). The remaining description below is for the legacy interface.matchpathcon_init() loads the file contexts configuration specified bypath into memory for use by subsequentmatchpathcon() calls. Ifpath is NULL, then the active file contexts configuration is loaded by default, i.e. the path returned byselinux_file_context_path(3). Unless theMATCHPATHCON_BASEONLY flag has been set viaset_matchpathcon_flags(3), files with the same path prefix but a.homedirsand.localsuffix are also looked up and loaded if present. These files provide dynamically generated entries for user home directories and for local customizations.matchpathcon_init_prefix() is the same asmatchpathcon_init() but only loads entries with regular expressions whose first pathname component is a prefix ofprefix , e.g. pass "/dev" if you only intend to callmatchpathcon() with pathnames beginning with /dev. However, this optimization is no longer necessary due to the use offile_contexts.bin files with precompiled regular expressions, so use of this interface is deprecated.matchpathcon_fini() frees the memory allocated by a prior call tomatchpathcon_init.() This function can be used to free and reset the internal state between multiplematchpathcon_init() calls, or to free memory when finished usingmatchpathcon().matchpathcon() matches the specifiedpathname, after transformation viarealpath(3) excepting any final symbolic link component if S_IFLNK was specified as themode, andmode against thefile contexts configuration and sets the security contextcon to refer to the resulting context. The caller must free the returned security contextcon usingfreecon(3) when finished using it.mode can be 0 to disable mode matching, but should be provided whenever possible, as it may affect the matching. Only the file format bits (i.e. the file type) of themode are used. Ifmatchpathcon_init() has not already been called, then this function will call it upon its first invocation with a NULLpath, defaulting to the active file contexts configuration.matchpathcon_index() is the same asmatchpathcon() but returns a specification index that can later be used in amatchpathcon_filespec_add(3) call.
Returns zero on success or -1 otherwise.
selinux(8),set_matchpathcon_flags(3),set_matchpathcon_invalidcon(3),set_matchpathcon_printf(3),matchpathcon_filespec_add(3),matchpathcon_checkmatches(3),freecon(3),setfilecon(3),setfscreatecon(3)
This page is part of theselinux (Security-Enhanced Linux user- space libraries and tools) project. Information about the project can be found at ⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you have a bug report for this manual page, see ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩. This page was obtained from the project's upstream Git repository ⟨https://github.com/SELinuxProject/selinux⟩ on 2025-08-11. (At that time, the date of the most recent commit that was found in the repository was 2025-08-04.) If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up-to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orgstephen.smalley.work@gmai... 21 November 2009matchpathcon(3)Pages that refer to this page:matchpathcon_checkmatches(3), selinux_lsetfilecon_default(3), set_matchpathcon_flags(3), matchpathcon(8)
HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |