Provided by: libselinux1-dev_2.1.0-4.1ubuntu1_amd64 bug


       getcon, getprevcon, getpidcon - get SELinux security context of a process.

       getpeercon - get security context of a peer socket.

       setcon - set current security context of a process.


       #include <selinux/selinux.h>

       int getcon(security_context_t *context);

       int getprevcon(security_context_t *context);

       int getpidcon(pid_t pid, security_context_t *context);

       int getpeercon(int fd, security_context_t *context);

       int setcon(security_context_t context);


       getcon retrieves the context of the current process, which must be free'd with freecon.

       getprevcon same as getcon but gets the context before the last exec.

       getpidcon returns the process context for the specified PID.

       getpeercon  retrieves  context of peer socket, and set *context to refer to it, which must
       be free'd with freecon.

       setcon sets the current security context of the process to a new value.  Note that use  of
       this  function  requires  that  the  entire application be trusted to maintain any desired
       separation between the old  and  new  security  contexts,  unlike  exec-based  transitions
       performed   via   setexeccon(3).   When  possible,  decompose  your  applicaiton  and  use
       setexeccon() and execve() instead.

       Since access to file descriptors is revalidated upon use by SELinux, the new context  must
       be explicitly authorized in the policy to use the descriptors opened by the old context if
       that is desired.  Otherwise, attempts by the  process  to  use  any  existing  descriptors
       (including stdin, stdout, and stderr) after performing the setcon() will fail.

       A  multi-threaded  application can perform a setcon() prior to creating any child threads,
       in which case all of the child threads will inherit the new  context.   However,  setcon()
       will fail if there are any other threads running in the same process.

       If  the process was being ptraced at the time of the setcon() operation, ptrace permission
       will be revalidated against the new context and the  setcon()  will  fail  if  it  is  not
       allowed by policy.


       On error -1 is returned.  On success 0 is returned.


       selinux(8), freecon(3), setexeccon(3)