1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
<h4 class="subsection">Extended File Attributes</h4> <p>On some operating systems, each file can be associated with arbitrary <em>extended file attributes</em>. At present, Emacs supports querying and setting two specific sets of extended file attributes: Access Control Lists (ACLs) and SELinux contexts. These extended file attributes are used, on some systems, to impose more sophisticated file access controls than the basic Unix-style permissions discussed in the previous sections. </p> <p>A detailed explanation of ACLs and SELinux is beyond the scope of this manual. For our purposes, each file can be associated with an <em>ACL</em>, which specifies its properties under an ACL-based file control system, and/or an <em>SELinux context</em>, which specifies its properties under the SELinux system. </p> <dl> <dt id="file-acl">Function: <strong>file-acl</strong> <em>filename</em>
</dt> <dd>
<p>This function returns the ACL for the file <var>filename</var>. The exact Lisp representation of the ACL is unspecified (and may change in future Emacs versions), but it is the same as what <code>set-file-acl</code> takes for its <var>acl</var> argument (see <a href="changing-files">Changing Files</a>). </p> <p>The underlying ACL implementation is platform-specific; on GNU/Linux and BSD, Emacs uses the POSIX ACL interface, while on MS-Windows Emacs emulates the POSIX ACL interface with native file security APIs. </p> <p>If ACLs are not supported or the file does not exist, then the return value is <code>nil</code>. </p>
</dd>
</dl> <dl> <dt id="file-selinux-context">Function: <strong>file-selinux-context</strong> <em>filename</em>
</dt> <dd>
<p>This function returns the SELinux context of the file <var>filename</var>, as a list of the form <code>(<var>user</var> <var>role</var> <var>type</var>
<var>range</var>)</code>. The list elements are the context’s user, role, type, and range respectively, as Lisp strings; see the SELinux documentation for details about what these actually mean. The return value has the same form as what <code>set-file-selinux-context</code> takes for its <var>context</var> argument (see <a href="changing-files">Changing Files</a>). </p> <p>If SELinux is not supported or the file does not exist, then the return value is <code>(nil nil nil nil)</code>. </p>
</dd>
</dl> <dl> <dt id="file-extended-attributes">Function: <strong>file-extended-attributes</strong> <em>filename</em>
</dt> <dd>
<p>This function returns an alist of the Emacs-recognized extended attributes of file <var>filename</var>. Currently, it serves as a convenient way to retrieve both the ACL and SELinux context; you can then call the function <code>set-file-extended-attributes</code>, with the returned alist as its second argument, to apply the same file access attributes to another file (see <a href="changing-files">Changing Files</a>). </p> <p>One of the elements is <code>(acl . <var>acl</var>)</code>, where <var>acl</var> has the same form returned by <code>file-acl</code>. </p> <p>Another element is <code>(selinux-context . <var>context</var>)</code>, where <var>context</var> is the SELinux context, in the same form returned by <code>file-selinux-context</code>. </p>
</dd>
</dl><div class="_attribution">
<p class="_attribution-p">
Copyright © 1990-1996, 1998-2022 Free Software Foundation, Inc. <br>Licensed under the GNU GPL license.<br>
<a href="https://www.gnu.org/software/emacs/manual/html_node/elisp/Extended-Attributes.html" class="_attribution-link">https://www.gnu.org/software/emacs/manual/html_node/elisp/Extended-Attributes.html</a>
</p>
</div>
|
