package selinux

libcontainer – github.com/docker/libcontainer/selinux Index | Files

import "github.com/docker/libcontainer/selinux"

Index ¶

Constants
func Chcon(fpath string, scon string, recurse bool) error
func CopyLevel(src, dest string) (string, error)
func DisableSecOpt() []string
func DupSecOpt(src string) []string
func FreeLxcContexts(scon string)
func GetLxcContexts() (processLabel string, fileLabel string)
func Getcon() (string, error)
func Getexeccon() (string, error)
func Getfilecon(path string) (string, error)
func Getfscreatecon() (string, error)
func Getpidcon(pid int) (string, error)
func IntToMcs(id int, catRange uint32) string
func ReserveLabel(scon string)
func SecurityCheckContext(val string) error
func SelinuxEnabled() bool
func SelinuxGetEnforce() int
func SelinuxGetEnforceMode() int
func SetDisabled()
func Setexeccon(scon string) error
func Setfilecon(path string, scon string) error
func Setfscreatecon(scon string) error
type SELinuxContext

func NewContext(scon string) SELinuxContext
func (c SELinuxContext) Get() string

Constants ¶

const (
	Enforcing  = 1
	Permissive = 0
	Disabled   = -1
)

Functions ¶

func Chcon ¶

func Chcon(fpath string, scon string, recurse bool) error

Change the fpath file object to the SELinux label scon. If the fpath is a directory and recurse is true Chcon will walk the directory tree setting the label

func CopyLevel ¶

func CopyLevel(src, dest string) (string, error)

func DisableSecOpt ¶

func DisableSecOpt() []string

DisableSecOpt returns a security opt that can be used to disabling SELinux labeling support for future container processes

func DupSecOpt ¶

func DupSecOpt(src string) []string

DupSecOpt takes an SELinux process label and returns security options that can will set the SELinux Type and Level for future container processes

func FreeLxcContexts ¶

func FreeLxcContexts(scon string)

func GetLxcContexts ¶

func GetLxcContexts() (processLabel string, fileLabel string)

func Getcon ¶

func Getcon() (string, error)

Getcon returns the SELinux label of the current process thread, or an error.

func Getexeccon ¶

func Getexeccon() (string, error)

func Getfilecon ¶

func Getfilecon(path string) (string, error)

Getfilecon returns the SELinux label for this path or returns an error.

func Getfscreatecon ¶

func Getfscreatecon() (string, error)

func Getpidcon ¶

func Getpidcon(pid int) (string, error)

Getpidcon returns the SELinux label of the given pid, or an error.

func IntToMcs ¶

func IntToMcs(id int, catRange uint32) string

func ReserveLabel ¶

func ReserveLabel(scon string)

func SecurityCheckContext ¶

func SecurityCheckContext(val string) error

func SelinuxEnabled ¶

func SelinuxEnabled() bool

SelinuxEnabled returns whether selinux is currently enabled.

func SelinuxGetEnforce ¶

func SelinuxGetEnforce() int

func SelinuxGetEnforceMode ¶

func SelinuxGetEnforceMode() int

func SetDisabled ¶

func SetDisabled()

SetDisabled disables selinux support for the package

func Setexeccon ¶

func Setexeccon(scon string) error

func Setfilecon ¶

func Setfilecon(path string, scon string) error

Setfilecon sets the SELinux label for this path or returns an error.

func Setfscreatecon ¶

func Setfscreatecon(scon string) error

Types ¶

type SELinuxContext ¶

type SELinuxContext map[string]string

func NewContext ¶

func NewContext(scon string) SELinuxContext

func (SELinuxContext) Get ¶

func (c SELinuxContext) Get() string

Source Files ¶

selinux.go

Version: v2.2.1+incompatible (latest)
Published: Jun 15, 2015
Platform: linux/amd64
Imports: 13 packages
Last checked: 2 weeks ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples