Provided by: selinux-utils_2.1.0-4.1ubuntu1_amd64 bug

NAME

       selabel_x - userspace SELinux labeling interface: X Window System contexts backend.

SYNOPSIS

       #include <selinux/selinux.h>

       #include <selinux/label.h>

       int selabel_lookup(struct selabel_handle *hnd,
                          security_context_t *context,

                          const char *object_name, int object_type);

DESCRIPTION

       The  X contexts backend maps from X Window System object names into security contexts.  It
       is used to find the appropriate context for X Window  System  objects  whose  significance
       and/or  usage  semantics  are  determined primarily by name.  This backend is also used to
       determine the default context for labeling remotely connected X clients.

       The object_type argument should be set to one of the following values:

       SELABEL_X_PROP
              The object_name  argument  specifies  the  name  of  a  window  property,  such  as
              "WM_NAME".

       SELABEL_X_SELN
              The object_name argument specifies the name of a selection, such as "PRIMARY".

       SELABEL_X_EXT
              The  object_name  argument  specifies  the  name  of  a protocol extension, such as
              "RENDER".

       SELABEL_X_EVENT
              The  object_name  argument  specifies  the  name  of  an  event   type,   such   as
              "X11:ButtonPress".

       SELABEL_X_CLIENT
              The object_name argument is ignored and should be set to NULL.  The default context
              for labeling remote X clients is returned.

       SELABEL_X_POLYPROP
              Like  SELABEL_X_PROP,  but  checks  if   the   property   was   marked   as   being
              polyinstantiated.  See NOTES below.

       SELABEL_X_POLYSELN
              Like   SELABEL_X_SELN,   but   checks   if   the  selection  was  marked  as  being
              polyinstantiated.  See NOTES below.

OPTIONS

       In addition to the global options described in selabel_open(3),  this  backend  recognizes
       the following options:

       SELABEL_OPT_PATH
              A  non-null value for this option specifies a path to a file that will be opened in
              lieu of the standard X contexts file.

NOTES

       Properties and selections are marked as either polyinstantiated or not.   For  these  name
       types,  the  "POLY" option searches only the names marked as being polyinstantiated, while
       the other option searches only the names marked as not being polyinstantiated.   Users  of
       the  interface  should  check  both mappings, optionally taking action based on the result
       (e.g. polyinstantiating the object).

SEE ALSO

       selabel_open(3), selabel_lookup(3), selabel_stats(3), selinux(8)

                                           18 Jun 2007                               selabel_x(5)