Skip to content

Instantly share code, notes, and snippets.



Last active Feb 13, 2020
What would you like to do?
Get default selinux user context
// gcc -lselinux st.c -o st.bin
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <selinux/selinux.h>
#include <selinux/get_context_list.h>
int main(){
security_context_t *contextlist = NULL;
int rc = -1;
int count = 0;
char *linuxuser = NULL;
char *selinuxuser = NULL;
char *level = NULL;
char *newcon = NULL;
// get current user from env USER
linuxuser = getenv("USER");
printf("Got: Linux user name: %s\n", linuxuser);
count = ++count;
// get selinux user by linux user name
// int getseuserbyname(const char *linuxuser, char **selinuxuser, char **level);
rc = getseuserbyname(linuxuser, &selinuxuser, &level);
if (rc != 0)
goto exit;
printf("Got: SELinux user: %s\n", selinuxuser);
count = ++count;
printf("Got: SELinux level: %s\n", level);
count = ++count;
// Get default SELinux context for the curerent user
// or the user specified in $USER env
// int get_default_context(const char *user, char *fromcon, char **newcon);
// fromcon = NULL -> current context should be used
rc = get_default_context(selinuxuser, NULL, &newcon);
if (rc != 0)
goto exit;
printf("Got: default context for the SELinux user: %s\n", newcon);
count = ++count;
// TODO: free memory (?)
printf("Number of executed tests: %d out of 4\n", count);
printf("st finished, exit code is: %d\n", rc);
return rc;
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.