package label

import "github.com/opencontainers/selinux/go-selinux/label"

Index ¶

• func DisableSecOpt() []string
• func FormatMountLabel(src, mountLabel string) string
• func FormatMountLabelByType(src, mountLabel, contextType string) string
• func Init()
• func InitLabels([]string) (string, string, error)
• func IsShared(string) bool
• func Relabel(string, string, bool) error
• func RelabelNeeded(string) bool
• func SetFileCreateLabel(string) error
• func SetFileLabel(string, string) error
• func Validate(string) error

Functions ¶

func DisableSecOpt ¶

func DisableSecOpt() []string

DisableSecOpt returns a security opt that can disable labeling support for future container processes

func FormatMountLabel ¶

func FormatMountLabel(src, mountLabel string) string

FormatMountLabel returns a string to be used by the mount command. Using the SELinux `context` mount option. Changing labels of files on mount points with this option can never be changed. FormatMountLabel returns a string to be used by the mount command. The format of this string will be used to alter the labeling of the mountpoint. The string returned is suitable to be used as the options field of the mount command. If you need to have additional mount point options, you can pass them in as the first parameter. Second parameter is the label that you wish to apply to all content in the mount point.

func FormatMountLabelByType ¶

func FormatMountLabelByType(src, mountLabel, contextType string) string

FormatMountLabelByType returns a string to be used by the mount command. Allow caller to specify the mount options. For example using the SELinux `fscontext` mount option would allow certain container processes to change labels of files created on the mount points, where as `context` option does not. FormatMountLabelByType returns a string to be used by the mount command. The format of this string will be used to alter the labeling of the mountpoint. The string returned is suitable to be used as the options field of the mount command. If you need to have additional mount point options, you can pass them in as the first parameter. Second parameter is the label that you wish to apply to all content in the mount point.

func Init ¶

func Init()

Init initialises the labeling system

func InitLabels ¶

func InitLabels([]string) (string, string, error)

InitLabels returns the process label and file labels to be used within the container. A list of options can be passed into this function to alter the labels.

func IsShared ¶

func IsShared(string) bool

IsShared checks that the label includes a "shared" mark

func Relabel ¶

func Relabel(string, string, bool) error

func RelabelNeeded ¶

func RelabelNeeded(string) bool

RelabelNeeded checks whether the user requested a relabel

func SetFileCreateLabel ¶

func SetFileCreateLabel(string) error

func SetFileLabel ¶

func SetFileLabel(string, string) error

func Validate ¶

func Validate(string) error

Validate checks that the label does not include unexpected options

Source Files ¶

label.go label_stub.go