This patch defines two functions.

is_context_configurable(scontext)

This returns if the context is in the /etc/selinux/*/contexts/configurable_contexts file. 0 if not and -1 on error.

Internally this calls get_configurable_context_list, which returns a contextarray of the contexts of that file.

I have also patched the policy makefile to populate that file, by looking for all contexts marked as configurable.

Now I would like to use this function in restorecon/setfiles, so that by default they will leave configurable contexts alone.

Dan

is_context_configurable(3)    SELinux API documentation    is_context_configurable(3)

NAME
       is_context_configurable - check whether context is configurable by the administrator.

SYNOPSIS
       #include
       int is_context_configurable(security_context_t scon);

DESCRIPTION
       is_context_configurable
       This function checks whether scon is in the
       /etc/selinux/SELINUXTYPE/context/configurable_contexts file.

       A configurable context is a file context that administrators set on the
       file system, usually to allow certain domains to share the file content.
       restorecon and setfiles by default leave these contexts in place.

RETURN VALUE
       returns 1 if security context is configurable or 0 if it is not.
       returns -1 on error

FILE
       /etc/selinux/SELINUXTYPE/context/configurable_contexts

dwalsh@redhat.com    10 January 2005    is_context_configurable(3)
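The lookup and the restorecon-style decision described above, as an added example that is not the code from this patch or from libselinux. It assumes the list file holds one security context per line and is matched as an exact string; context_listed, should_relabel, sample_list and the force flag are hypothetical names, and the sample contexts are constructed.

```c
/* Added illustration, not the libselinux patch. Assumed file format: one
 * security context per line. `force` is a hypothetical override flag. */
#include <stdio.h>
#include <string.h>

/* 1 if scon is listed in fp, 0 if not, -1 on error (man page convention). */
static int context_listed(FILE *fp, const char *scon)
{
    char line[512];
    if (fp == NULL || scon == NULL || *scon == '\0')
        return -1;
    rewind(fp);
    while (fgets(line, sizeof(line), fp) != NULL) {
        char *p = line + strspn(line, " \t");
        if (strchr(line, '\n') == NULL && !feof(fp))
            return -1;                    /* over-long line: malformed list */
        p[strcspn(p, " \t\r\n")] = '\0';  /* keep the first token only */
        if (strcmp(p, scon) == 0)
            return 1;
    }
    return ferror(fp) ? -1 : 0;
}

/* restorecon-style decision: 1 = relabel, 0 = leave alone, -1 = error. */
static int should_relabel(FILE *list, const char *cur, const char *want, int force)
{
    int rc;
    if (strcmp(cur, want) == 0)
        return 0;                         /* label already matches policy */
    if (force)
        return 1;
    rc = context_listed(list, cur);
    return rc < 0 ? -1 : !rc;             /* listed => admin-set, keep it */
}

/* Constructed sample list, written to a temporary file. */
static FILE *sample_list(void)
{
    FILE *fp = tmpfile();
    if (fp != NULL)
        fputs("system_u:object_r:httpd_sys_content_t\n"
              "system_u:object_r:samba_share_t\n", fp);
    return fp;
}

int main(void)
{
    FILE *l = sample_list();
    printf("%d\n", should_relabel(l, "system_u:object_r:samba_share_t",
                                  "system_u:object_r:user_home_t", 0));
    return 0;
}
```

A lookup error is passed up as -1 rather than treated as "not listed", so a missing or malformed list never causes an administrator-set label to be silently overwritten.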