On some operating systems, each file can be associated with arbitrary extended file attributes. At present, Emacs supports querying and setting two specific sets of extended file attributes: Access Control Lists (ACLs) and SELinux contexts. These extended file attributes are used, on some systems, to impose more sophisticated file access controls than the basic Unix-style permissions discussed in the previous sections.
A detailed explanation of ACLs and SELinux is beyond the scope of this manual. For our purposes, each file can be associated with an ACL, which specifies its properties under an ACL-based file control system, and/or an SELinux context, which specifies its properties under the SELinux system.
function file-acl filename
This function returns the ACL for the file
filename. The exact Lisp representation of the ACL is unspecified (and may change in future Emacs versions), but it is the same as what
set-file-acl takes for its
acl argument (see Changing Files).
The underlying ACL implementation is platform-specific; on GNU/Linux and BSD, Emacs uses the POSIX ACL interface, while on MS-Windows Emacs emulates the POSIX ACL interface with native file security APIs.
If ACLs are not supported or the file does not exist, then the return value is
function file-selinux-context filename
This function returns the SELinux context of the file
filename, as a list of the form
(user role type range). The list elements are the context’s user, role, type, and range respectively, as Lisp strings; see the SELinux documentation for details about what these actually mean. The return value has the same form as what
set-file-selinux-context takes for its
context argument (see Changing Files).
If SELinux is not supported or the file does not exist, then the return value is
(nil nil nil nil).
function file-extended-attributes filename
This function returns an alist of the Emacs-recognized extended attributes of file
filename. Currently, it serves as a convenient way to retrieve both the ACL and SELinux context; you can then call the function
set-file-extended-attributes, with the returned alist as its second argument, to apply the same file access attributes to another file (see Changing Files).
One of the elements is
(acl . acl), where
acl has the same form returned by
Another element is
(selinux-context . context), where
context is the SELinux context, in the same form returned by