blob: b51008d9e67adf1660dd98b48893d14e0b948f37 [file] [log] [blame] [edit]
.TH "getkeycreatecon" "3" "9 September 2008" "dwalsh@redhat.com" "SELinux API documentation"
.SH "NAME"
getkeycreatecon, setkeycreatecon \- get or set the SELinux security context used for creating a new kernel keyrings
.
.SH "SYNOPSIS"
.B #include <selinux/selinux.h>
.sp
.BI "int getkeycreatecon(char **" con );
.sp
.BI "int getkeycreatecon_raw(char **" con );
.sp
.BI "int setkeycreatecon(char * "context );
.sp
.BI "int setkeycreatecon_raw(char * "context );
.
.SH "DESCRIPTION"
.BR getkeycreatecon ()
retrieves the context used for creating a new kernel keyring.
This returned context should be freed with
.BR freecon (3)
if non-NULL.
.BR getkeycreatecon ()
sets *con to NULL if no keycreate context has been explicitly
set by the program (i.e. using the default policy behavior).
.BR setkeycreatecon ()
sets the context used for creating a new kernel keyring.
NULL can be passed to
.BR setkeycreatecon ()
to reset to the default policy behavior.
The keycreate context is automatically reset after the next
.BR execve (2),
so a program doesn't need to explicitly sanitize it upon startup.
.BR setkeycreatecon ()
can be applied prior to library
functions that internally perform an file creation,
in order to set an file context on the objects.
.BR getkeycreatecon_raw ()
and
.BR setkeycreatecon_raw ()
behave identically to their non-raw counterparts but do not perform context
translation.
.B Note:
Signal handlers that perform a
.BR setkeycreatecon ()
must take care to
save, reset, and restore the keycreate context to avoid unexpected behavior.
.br
.B Note:
Contexts are thread specific.
.
.SH "RETURN VALUE"
On error \-1 is returned.
On success 0 is returned.
.
.SH "SEE ALSO"
.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"