Provided by: libselinux1-dev_2.1.0-4.1ubuntu1_amd64 bug

NAME

       getexeccon,  setexeccon - get or set the SELinux security context used for executing a new
       process.

       rpm_execcon - run a helper for rpm in an appropriate security context

SYNOPSIS

       #include <selinux/selinux.h>

       int getexeccon(security_context_t *context);

       int setexeccon(security_context_t context);

       int rpm_execcon(unsigned int verified, const char *filename, char  *const  argv[]  ,  char
       *const envp[]);

DESCRIPTION

       getexeccon  retrieves the context used for executing a new process.  This returned context
       should be freed with freecon if non-NULL.  getexeccon sets *con to NULL if no exec context
       has been explicitly set by the program (i.e. using the default policy behavior).

       setexeccon  sets  the  context  used  for  the  next  execve  call.  NULL can be passed to
       setexeccon to reset to the default policy behavior.  The  exec  context  is  automatically
       reset  after  the  next  execve,  so a program doesn't need to explicitly sanitize it upon
       startup.

       setexeccon can be applied prior to library functions that internally  perform  an  execve,
       e.g. execl*, execv*, popen, in order to set an exec context for that operation.

       Note:  Signal  handlers  that perform an execve must take care to save, reset, and restore
       the exec context to avoid unexpected behavior.

       rpm_execcon runs a helper for rpm  in  an  appropriate  security  context.   The  verified
       parameter  should  contain  the return code from the signature verification (0 == ok, 1 ==
       notfound, 2 == verifyfail, 3 == nottrusted, 4 == nokey), although this information is  not
       yet  used  by  the  function.  The function determines the proper security context for the
       helper based on policy, sets the exec context accordingly, and then executes the specified
       filename with the provided argument and environment arrays.

RETURN VALUE

       On error -1 is returned.

       On  success getexeccon and setexeccon returns 0.  rpm_execcon only returns upon errors, as
       it calls execve(2).

SEE ALSO

       selinux(8), freecon(3), getcon(3)