selinux_...on_xattr(3)      SELinux API documentation      selinux_...on_xattr(3)

NAME
       selinux_restorecon_xattr - manage default security.sehash extended
       attribute entries added by selinux_restorecon(3), setfiles(8) or
       restorecon(8).

SYNOPSIS
       #include <selinux/restorecon.h>

       int selinux_restorecon_xattr(const char *pathname,
                                    unsigned int xattr_flags,
                                    struct dir_xattr ***xattr_list);

DESCRIPTION
       selinux_restorecon_xattr() returns a linked list of dir_xattr
       structures containing information described below based on:

       pathname containing a directory tree to be searched for
       security.sehash extended attribute entries.

       xattr_flags contains options as follows:

              SELINUX_RESTORECON_XATTR_RECURSE
                     recursively descend directories.

              SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS
                     delete non-matching digests from each directory in
                     pathname.

              SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS
                     delete all digests from each directory in pathname.

              SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS
                     do not read /proc/mounts to obtain a list of
                     non-seclabel mounts to be excluded from the search.
                     Setting SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS is
                     useful where there is a non-seclabel fs mounted with
                     a seclabel fs mounted on a directory below this.

       xattr_list is the returned pointer to a linked list of dir_xattr
       structures, each containing the following information:

              struct dir_xattr {
                  char *directory;
                  char *digest;    /* Printable hex encoded string */
                  enum digest_result result;
                  struct dir_xattr *next;
              };

       The result entry is enumerated as follows:

              enum digest_result {
                  MATCH = 0,
                  NOMATCH,
                  DELETED_MATCH,
                  DELETED_NOMATCH,
                  ERROR
              };

       xattr_list must be set to NULL before calling
       selinux_restorecon_xattr(3). The caller is responsible for freeing
       the returned xattr_list entries in the linked list.

       See the NOTES section for more information.

RETURN VALUE
       On success, zero is returned. On error, -1 is returned and errno is
       set appropriately.

NOTES
       1.  By default selinux_restorecon_xattr(3) will use the default set
           of specfiles described in file_contexts(5) to calculate the
           SHA1 digests to be used for comparison. To change this default
           behavior selabel_open(3) must be called specifying the required
           SELABEL_OPT_PATH and setting the SELABEL_OPT_DIGEST option to a
           non-NULL value. selinux_restorecon_set_sehandle(3) is then
           called to set the handle to be used by
           selinux_restorecon_xattr(3).

       2.  By default selinux_restorecon_xattr(3) reads /proc/mounts to
           obtain a list of non-seclabel mounts to be excluded from
           searches unless the SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS flag
           has been set.

       3.  RAMFS and TMPFS filesystems do not support the security.sehash
           extended attribute and are automatically excluded from
           searches.

       4.  By default stderr is used to log output messages and errors.
           This may be changed by calling selinux_set_callback(3) with the
           SELINUX_CB_LOG type option.
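
The DESCRIPTION makes the caller responsible for freeing the returned entries. The following is an added example, not code from the libselinux project, of one way to walk the list, count entries per digest_result, report directories whose digest no longer matches, and release every node. The names tally_and_free, node, copy_str and the USE_LIBSELINUX macro are hypothetical; it assumes that *xattr_list is the head of the list and that directory and digest are separately heap-allocated strings.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef USE_LIBSELINUX /* real build: cc -DUSE_LIBSELINUX demo.c -lselinux */
#include <selinux/restorecon.h>
#else /* types copied from this page, plus a constructed-sample builder, so it builds without libselinux */
enum digest_result { MATCH = 0, NOMATCH, DELETED_MATCH, DELETED_NOMATCH, ERROR };
struct dir_xattr { char *directory; char *digest; enum digest_result result; struct dir_xattr *next; };
static char *copy_str(const char *s) { char *p = malloc(strlen(s) + 1); if (!p) abort(); return strcpy(p, s); }
static struct dir_xattr *node(const char *dir, const char *dig, enum digest_result r, struct dir_xattr *next)
{
    struct dir_xattr *n = malloc(sizeof(*n));
    if (!n) abort();
    n->directory = copy_str(dir); n->digest = copy_str(dig); n->result = r; n->next = next;
    return n;
}
#endif

/* Hypothetical helper: count entries per result, report NOMATCH/ERROR, free every node (assumed ownership). */
static size_t tally_and_free(struct dir_xattr *head, size_t counts[ERROR + 1])
{
    size_t n = 0;
    memset(counts, 0, sizeof(size_t) * (ERROR + 1));
    while (head) {
        struct dir_xattr *next = head->next;   /* save before the node is freed */
        if ((unsigned)head->result <= ERROR) counts[head->result]++;
        if (head->result == NOMATCH || head->result == ERROR)
            fprintf(stderr, "needs relabel check: %s (digest %s)\n", head->directory, head->digest ? head->digest : "-");
        free(head->directory); free(head->digest); free(head);
        head = next; n++;
    }
    return n;
}

int main(int argc, char **argv)
{
    size_t counts[ERROR + 1], n;
#ifdef USE_LIBSELINUX
    struct dir_xattr **xattr_list = NULL, *head;   /* xattr_list must be NULL before the call */
    if (argc < 2 || selinux_restorecon_xattr(argv[1], SELINUX_RESTORECON_XATTR_RECURSE, &xattr_list) < 0)
        return 2;                                  /* -1 from the call: errno is set */
    head = xattr_list ? *xattr_list : NULL;        /* assumption: *xattr_list is the list head */
#else /* constructed sample: made-up directories and digests */
    struct dir_xattr *head = node("/srv/a", "aa11", MATCH, node("/srv/b", "bb22", NOMATCH, node("/srv/c", "cc33", ERROR, NULL)));
#endif
    n = tally_and_free(head, counts);
    printf("%zu dirs: %zu match, %zu nomatch, %zu error\n", n, counts[MATCH], counts[NOMATCH], counts[ERROR]);
    return 0;
}
```

Without -DUSE_LIBSELINUX the program runs over the constructed list only; no flags that delete digests are passed, so the libselinux build is read-only with respect to the security.sehash entries.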

SEE ALSO
       selinux_restorecon(3), selinux_restorecon_set_sehandle(3),
       selinux_restorecon_default_handle(3),
       selinux_restorecon_set_exclude_list(3),
       selinux_restorecon_set_alt_rootpath(3), selinux_set_callback(3)

COLOPHON
       This page is part of the selinux (Security-Enhanced Linux
       user-space libraries and tools) project. Information about the
       project can be found at
       ⟨https://github.com/SELinuxProject/selinux/wiki⟩. If you have a bug
       report for this manual page, see
       ⟨https://github.com/SELinuxProject/selinux/wiki/Contributing⟩. This
       page was obtained from the project's upstream Git repository
       ⟨https://github.com/SELinuxProject/selinux⟩ on 2025-08-11. (At that
       time, the date of the most recent commit that was found in the
       repository was 2025-08-04.) If you discover any rendering problems
       in this HTML version of the page, or you believe there is a better
       or more up-to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not part
       of the original manual page), send a mail to man-pages@man7.org

                              30 July 2016          selinux_...on_xattr(3)

HTML rendering created 2025-09-06 by Michael Kerrisk, author of The Linux Programming Interface. Hosting by jambit GmbH.