Provided by: libselinux1-dev_2.2.2-1ubuntu0.1_amd64 bug

NAME
       getexeccon, setexeccon - get or set the SELinux security context used for executing a new process

       rpm_execcon - run a helper for rpm in an appropriate security context


SYNOPSIS
       #include <selinux/selinux.h>

       int getexeccon(security_context_t *context);

       int getexeccon_raw(security_context_t *context);

       int setexeccon(security_context_t context);

       int setexeccon_raw(security_context_t context);

       int rpm_execcon(unsigned int verified, const char *filename, char *const argv[] , char *const envp[]);


DESCRIPTION
       getexeccon()  retrieves  the  context  used for executing a new process.  This returned context should be
       freed with freecon(3) if non-NULL.  getexeccon() sets *context to  NULL  if  no  exec  context  has  been
       explicitly set by the program (i.e. using the default policy behavior).

       setexeccon()  sets  the  context used for the next execve(2) call.  NULL can be passed to setexeccon() to
       reset to the default policy behavior.  The exec context is automatically reset after the next  execve(2),
       so a program doesn't need to explicitly sanitize it upon startup.

       setexeccon()  can  be  applied  prior  to  library  functions  that internally perform an execve(2), e.g.
       execl*(3), execv*(3), popen(3), in order to set an exec context for that operation.

       getexeccon_raw() and setexeccon_raw() behave identically to their non-raw counterparts but do not perform
       context translation.

       Note: Signal handlers that perform an execve(2) must take care to  save,  reset,  and  restore  the  exec
       context to avoid unexpected behavior.

       rpm_execcon()  runs  a  helper for rpm in an appropriate security context.  The verified parameter should
       contain the return code from the signature verification (0 == ok, 1 == notfound, 2 ==  verifyfail,  3  ==
       nottrusted,  4  ==  nokey),  although  this  information  is  not yet used by the function.  The function
       determines the proper security context for the helper based on policy, sets the exec context accordingly,
       and then executes the specified filename with the provided argument and environment arrays.


RETURN VALUE
       On error -1 is returned.

       On success getexeccon() and setexeccon() returns 0.  rpm_execcon() only returns upon errors, as it  calls
       execve(2).


SEE ALSO
       selinux(8), freecon(3), getcon(3)

russell@coker.com.au                             1 January 2004                                    getexeccon(3)