    setcon

    
    
           getpeercon - get security context of a peer socket.
    
           setcon - set current security context of a process.
    
    
    

    SYNOPSIS

           #include <selinux/selinux.h>
    
           int getcon(security_context_t *context);
    
           int getprevcon(security_context_t *context);
    
           int getpidcon(pid_t pid, security_context_t *context);
    
           int getpeercon(int fd, security_context_t *context);
    
           int setcon(security_context_t context);
    
    
    

    DESCRIPTION

           getcon retrieves the context of the current process, which must be
           freed with freecon.
    
           getprevcon is the same as getcon but gets the context before the
           last exec.
    
           getpidcon returns the process context for the specified PID.
    
           getpeercon retrieves the context of the peer socket and sets
           *context to refer to it; the context must be freed with freecon.
    
           setcon sets the current security context of the process to a new value.
           Note that use of this function requires that the entire application be
           trusted to maintain any desired separation between the old and new
           security contexts, unlike exec-based transitions performed via
           setexeccon(3).  When possible, decompose your application and use
           setexeccon() and execve() instead.
    
           Since access to file descriptors is revalidated upon use by SELinux,
           the new context must be explicitly authorized in the policy to use the
           descriptors opened by the old context if that is desired.  Otherwise,
           attempts by the process to use any existing descriptors (including
           stdin, stdout, and stderr) after performing the setcon() will fail.
    
           A multi-threaded application can perform a setcon() prior to creating
           any child threads, in which case all of the child threads will inherit
           the new context.  However, setcon() will fail if there are any other
           threads running in the same process.
    
           If the process was being ptraced at the time of the setcon() operation,
           ptrace permission will be revalidated against the new context and the
           setcon() will fail if it is not allowed by policy.
    
    
Copyright © 1999 - 2016 by LinuxGuruz