Provided by: libselinux1-dev_3.5-2ubuntu2.1_amd64 bug

NAME
       matchpathcon,  matchpathcon_index  - get the default SELinux security context for the specified path from
       the file contexts configuration


SYNOPSIS
       #include <selinux/selinux.h>

       int matchpathcon_init(const char *path);

       int matchpathcon_init_prefix(const char *path, const char *prefix);

       int matchpathcon_fini(void);

       int matchpathcon(const char *path, mode_t mode, char **con);

       int matchpathcon_index(const char *name, mode_t mode, char **con);


DESCRIPTION
       This  family  of  functions  is  deprecated.   For  new  code,  please  use  selabel_open(3)   with   the
       SELABEL_CTX_FILE   backend   in   place   of   matchpathcon_init(),  use  selabel_close(3)  in  place  of
       matchpathcon_fini(), and use selabel_lookup(3) in place of matchpathcon().

       The remaining description below is for the legacy interface.

       matchpathcon_init() loads the file contexts configuration specified  by  path  into  memory  for  use  by
       subsequent  matchpathcon() calls.  If path is NULL, then the active file contexts configuration is loaded
       by default, i.e. the path returned by  selinux_file_context_path(3).   Unless  the  MATCHPATHCON_BASEONLY
       flag  has  been  set  via  set_matchpathcon_flags(3), files with the same path prefix but a .homedirs and
       .local suffix are also looked up and loaded  if  present.   These  files  provide  dynamically  generated
       entries for user home directories and for local customizations.

       matchpathcon_init_prefix()  is  the  same  as  matchpathcon_init()  but  only  loads entries with regular
       expressions whose first pathname component is a prefix of prefix , e.g. pass "/dev" if you only intend to
       call matchpathcon() with pathnames  beginning  with  /dev.   However,  this  optimization  is  no  longer
       necessary  due to the use of file_contexts.bin files with precompiled regular expressions, so use of this
       interface is deprecated.

       matchpathcon_fini() frees the memory allocated by a prior call to matchpathcon_init.() This function  can
       be  used  to  free  and  reset  the internal state between multiple matchpathcon_init() calls, or to free
       memory when finished using matchpathcon().

       matchpathcon() matches the specified pathname, after transformation via realpath(3) excepting  any  final
       symbolic  link  component  if  S_IFLNK  was  specified  as  the  mode, and mode against the file contexts
       configuration and sets the security context con to refer to the resulting context. The caller  must  free
       the returned security context con using freecon(3) when finished using it.  mode can be 0 to disable mode
       matching,  but should be provided whenever possible, as it may affect the matching.  Only the file format
       bits (i.e. the file type) of the mode are used.  If matchpathcon_init() has not already been called, then
       this function will call it upon its first invocation with a NULL path,  defaulting  to  the  active  file
       contexts configuration.

       matchpathcon_index()  is  the  same as matchpathcon() but returns a specification index that can later be
       used in a matchpathcon_filespec_add(3) call.


RETURN VALUE
       Returns zero on success or -1 otherwise.


SEE ALSO
       selinux(8), set_matchpathcon_flags(3), set_matchpathcon_invalidcon(3), set_matchpathcon_printf(3),
       matchpathcon_filespec_add(3), matchpathcon_checkmatches(3), freecon(3), setfilecon(3), setfscreatecon(3)

sds@tycho.nsa.gov                               21 November 2009                                 matchpathcon(3)