Provided by: libselinux1-dev_2.7-2build2_amd64 bug

NAME

       selinux_restorecon_xattr  -  manage  default  security.restorecon_last  extended attribute
       entries added by selinux_restorecon(3), setfiles(8) or restorecon(8).

SYNOPSIS

       #include <selinux/restorecon.h>

       int selinux_restorecon_xattr(const char *pathname,
                              unsigned int xattr_flags,
                              struct dir_xattr ***xattr_list);

DESCRIPTION

       selinux_restorecon_xattr() returns  a  linked  list  of  dir_xattr  structures  containing
       information described below based on:

              pathname  containing  a  directory tree to be searched for security.restorecon_last
              extended attribute entries.

              xattr_flags contains options as follows:

                     SELINUX_RESTORECON_XATTR_RECURSE recursively descend directories.

                     SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS delete non-matching digests
                     from each directory in pathname.

                     SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS  delete  all  digests  from each
                     directory in pathname.

                     SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS do not read /proc/mounts to obtain  a
                     list of non-seclabel mounts to be excluded from the search.
                     Setting  SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS  is  useful where there is a
                     non-seclabel fs mounted with a seclabel fs  mounted  on  a  directory  below
                     this.

              xattr_list  is  the returned pointer to a linked list of dir_xattr structures, each
              containing the following information:

                     struct dir_xattr {
                         char *directory;
                         char *digest;    /* Printable hex encoded string */
                         enum digest_result result;
                         struct dir_xattr *next;
                     };

              The result entry is enumerated as follows:
                     enum digest_result {
                         MATCH = 0,
                         NOMATCH,
                         DELETED_MATCH,
                         DELETED_NOMATCH,
                         ERROR
                     };

              xattr_list must be set to NULL  before  calling  selinux_restorecon_xattr(3).   The
              caller  is  responsible  for  freeing the returned xattr_list entries in the linked
              list.

       See the NOTES section for more information.

RETURN VALUE

       On success, zero is returned.  On error, -1 is returned and errno is set appropriately.

NOTES

       1.  By default selinux_restorecon_xattr(3) will use the default set of specfiles described
           in  files_contexts(5) to calculate the initial SHA1 digest to be used for comparision.
           To change this default behavior selabel_open(3) must be called specifying the required
           SELABEL_OPT_PATH  and  setting  the  SELABEL_OPT_DIGEST  option  to  a non-NULL value.
           selinux_restorecon_set_sehandle(3) is then called to set the  handle  to  be  used  by
           selinux_restorecon_xattr(3).

       2.  By  default  selinux_restorecon_xattr(3)  reads  /proc/mounts to obtain a list of non-
           seclabel    mounts     to     be     excluded     from     searches     unless     the
           SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS flag has been set.

       3.  RAMFS  and  TMPFS  filesystems  do  not  support the security.restorecon_last extended
           attribute and are automatically excluded from searches.

       4.  By default stderr is used to log output messages and errors. This may  be  changed  by
           calling selinux_set_callback(3) with the SELINUX_CB_LOG type option.

SEE ALSO

       selinux_restorecon(3)
       selinux_restorecon_set_sehandle(3),
       selinux_restorecon_default_handle(3),
       selinux_restorecon_set_exclude_list(3),
       selinux_restorecon_set_alt_rootpath(3),
       selinux_set_callback(3)

                                           30 July 2016               selinux_restorecon_xattr(3)