{"id":4556,"date":"2022-12-20T18:09:03","date_gmt":"2022-12-20T21:09:03","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/selabel_media-man5\/"},"modified":"2022-12-20T18:09:03","modified_gmt":"2022-12-20T21:09:03","slug":"selabel_media-man5","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/selabel_media-man5\/","title":{"rendered":"selabel_media (man5)"},"content":{"rendered":"

selabel_media<\/h1>\n

NAME<\/a>
SYNOPSIS<\/a>
DESCRIPTION<\/a>
OPTIONS<\/a>
FILES<\/a>
FILE FORMAT<\/a>
NOTES<\/a>
SEE ALSO<\/a> <\/p>\n

\n

NAME <\/a> <\/h2>\n

selabel_media \u2212 userspace SELinux labeling interface and configuration file format for the media contexts backend<\/p>\n

SYNOPSIS <\/a> <\/h2>\n

#include <\/b><\/p>\n

int selabel_lookup(struct selabel_handle *<\/b>hnd<\/i>,<\/b><\/p>\n

char **<\/b>context<\/i>,
const char *<\/b>device_name<\/i>, int<\/b> unused<\/i>);<\/b><\/p>\n

int selabel_lookup_raw(struct selabel_handle *<\/b>hnd<\/i>,<\/b><\/p>\n

char **<\/b>context<\/i>,
const char *<\/b>device_name<\/i>, int<\/b> unused<\/i>);<\/b><\/p>\n

DESCRIPTION <\/a> <\/h2>\n

The media contexts backend maps from media device names such as “cdrom” or “floppy” into security contexts. It is used to find the appropriate context for establishing context mounts on these devices. The returned context<\/i> must be freed using freecon<\/b>(3).
selabel_lookup<\/b>(3) describes the function with its return and error codes.<\/p>\n

The integer lookup argument is currently unused and should be set to zero.<\/p>\n

Any messages generated by selabel_lookup<\/b>(3) are sent to stderr<\/i> by default, although this can be changed by selinux_set_callback<\/b>(3).<\/p>\n

selabel_lookup_raw<\/b>(3) behaves identically to selabel_lookup<\/b>(3) but does not perform context translation.<\/p>\n

The FILES<\/b> section details the configuration files used to determine the media context.<\/p>\n

OPTIONS <\/a> <\/h2>\n

In addition to the global options described in selabel_open<\/b>(3), this backend recognizes the following options:
SELABEL_OPT_PATH<\/b><\/p>\n

A non-null value for this option specifies a path to a file that will be opened in lieu of the standard media<\/i> contexts file.<\/p>\n

FILES <\/a> <\/h2>\n

The media context file used to retrieve a default context depends on the SELABEL_OPT_PATH<\/b> parameter passed to selabel_open(3). If<\/b> NULL<\/i>, then the SELABEL_OPT_PATH<\/b> value will default to the active policy media contexts location (as returned by selinux_media_context_path<\/b>(3)), otherwise the actual SELABEL_OPT_PATH<\/b> value specified is used.<\/p>\n

The default media contexts file is:<\/p>\n

\/etc\/selinux\/{SELINUXTYPE}\/contexts\/files\/media<\/i><\/p>\n

Where {SELINUXTYPE}<\/i> is the entry from the selinux configuration file config<\/i> (see selinux_config<\/b>(5)).<\/p>\n

FILE FORMAT <\/a> <\/h2>\n

Each line within the media<\/i> file is as follows:<\/p>\n

device_name context<\/i><\/p>\n

Where:<\/p>\n

device_name<\/i><\/p>\n

The media identifier (e.g. cdrom, floppy, disk and usb).<\/p>\n

context<\/i><\/p>\n

The context to be used for labeling the device.<\/p>\n

Example:<\/p>\n

# contexts\/files\/media
cdrom system_u:object_r:removable_device_t
floppy system_u:object_r:removable_device_t
disk system_u:object_r:fixed_disk_device_t<\/p>\n

NOTES <\/a> <\/h2>\n

If contexts are to be validated, then the global option SELABEL_OPT_VALIDATE<\/b> must be set before calling selabel_open<\/b>(3). If this is not set, then it is possible for an invalid context to be returned.<\/p>\n

SEE ALSO <\/a> <\/h2>\n

selinux<\/b>(8), selabel_open<\/b>(3), selabel_lookup<\/b>(3), selabel_stats<\/b>(3), selabel_close<\/b>(3), selinux_set_callback<\/b>(3), selinux_media_context_path<\/b>(3), freecon<\/b>(3), selinux_config<\/b>(5)<\/p>\n

\n","protected":false},"excerpt":{"rendered":"

selabel_media \u2212 userspace SELinux labeling interface and configuration file format for the media contexts backend <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[959],"tags":[961,1291,1515],"class_list":["post-4556","post","type-post","status-publish","format-standard","hentry","category-5-formatos-de-ficheros","tag-961","tag-man5","tag-selabel_media"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4556","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=4556"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/4556\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=4556"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=4556"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=4556"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}