package selinux

selinux – github.com/opencontainers/selinux/go-selinux Index | Files | Directories

import "github.com/opencontainers/selinux/go-selinux"

Index ¶

Constants
func Chcon(fpath string, label string, recurse bool) error
func ContainerLabels() (processLabel string, fileLabel string)
func CopyLevel(src, dest string) (string, error)
func CurrentLabel() (string, error)
func DefaultEnforceMode() int
func DisableSecOpt() []string
func DupSecOpt(src string) []string
func EnforceMode() int
func ExecLabel() (string, error)
func FSCreateLabel() (string, error)
func FileLabel(path string) (string, error)
func GetEnabled() bool
func PidLabel(pid int) (string, error)
func ROFileLabel() (fileLabel string)
func ReleaseLabel(label string)
func ReserveLabel(label string)
func SecurityCheckContext(val string) error
func SetDisabled()
func SetEnforceMode(mode int) error
func SetExecLabel(label string) error
func SetFSCreateLabel(label string) error
func SetFileLabel(path string, label string) error
type Context

func NewContext(label string) Context
func (c Context) Get() string

Constants ¶

const (
	// Enforcing constant indicate SELinux is in enforcing mode
	Enforcing = 1
	// Permissive constant to indicate SELinux is in permissive mode
	Permissive = 0
	// Disabled constant to indicate SELinux is disabled
	Disabled = -1
)

Functions ¶

func Chcon ¶

func Chcon(fpath string, label string, recurse bool) error

Chcon changes the fpath file object to the SELinux label label. If the fpath is a directory and recurse is true Chcon will walk the directory tree setting the label

func ContainerLabels ¶

func ContainerLabels() (processLabel string, fileLabel string)

ContainerLabels returns an allocated processLabel and fileLabel to be used for container labeling by the calling process.

func CopyLevel ¶

func CopyLevel(src, dest string) (string, error)

CopyLevel returns a label with the MLS/MCS level from src label replaces on the dest label.

func CurrentLabel ¶

func CurrentLabel() (string, error)

CurrentLabel returns the SELinux label of the current process thread, or an error.

func DefaultEnforceMode ¶

func DefaultEnforceMode() int

DefaultEnforceMode returns the systems default SELinux mode Enforcing, Permissive or Disabled. Note this is is just the default at boot time. EnforceMode tells you the systems current mode.

func DisableSecOpt ¶

func DisableSecOpt() []string

DisableSecOpt returns a security opt that can be used to disabling SELinux labeling support for future container processes

func DupSecOpt ¶

func DupSecOpt(src string) []string

DupSecOpt takes an SELinux process label and returns security options that can will set the SELinux Type and Level for future container processes

func EnforceMode ¶

func EnforceMode() int

EnforceMode returns the current SELinux mode Enforcing, Permissive, Disabled

func ExecLabel ¶

func ExecLabel() (string, error)

ExecLabel returns the SELinux label that the kernel will use for any programs that are executed by the current process thread, or an error.

func FSCreateLabel ¶

func FSCreateLabel() (string, error)

FSCreateLabel returns the default label the kernel which the kernel is using for file system objects created by this task. "" indicates default.

func FileLabel ¶

func FileLabel(path string) (string, error)

Filecon returns the SELinux label for this path or returns an error.

func GetEnabled ¶

func GetEnabled() bool

GetEnabled returns whether selinux is currently enabled.

func PidLabel ¶

func PidLabel(pid int) (string, error)

PidLabel returns the SELinux label of the given pid, or an error.

func ROFileLabel ¶

func ROFileLabel() (fileLabel string)

ROFileLabel returns the specified SELinux readonly file label

func ReleaseLabel ¶

func ReleaseLabel(label string)

ReleaseLabel will unreserve the MLS/MCS Level field of the specified label. Allowing it to be used by another process.

func ReserveLabel ¶

func ReserveLabel(label string)

ReserveLabel reserves the MLS/MCS level component of the specified label

func SecurityCheckContext ¶

func SecurityCheckContext(val string) error

SecurityCheckContext validates that the SELinux label is understood by the kernel

func SetDisabled ¶

func SetDisabled()

SetDisabled disables selinux support for the package

func SetEnforceMode ¶

func SetEnforceMode(mode int) error

SetEnforce sets the current SELinux mode Enforcing, Permissive. Disabled is not valid, since this needs to be set at boot time.

func SetExecLabel ¶

func SetExecLabel(label string) error

SetExecLabel sets the SELinux label that the kernel will use for any programs that are executed by the current process thread, or an error.

func SetFSCreateLabel ¶

func SetFSCreateLabel(label string) error

SetFSCreateLabel tells kernel the label to create all file system objects created by this task. Setting label="" to return to default.

func SetFileLabel ¶

func SetFileLabel(path string, label string) error

SetFileLabel sets the SELinux label for this path or returns an error.

Types ¶

type Context ¶

type Context map[string]string

Context is a representation of the SELinux label broken into 4 parts

func NewContext ¶

func NewContext(label string) Context

NewContext creates a new Context struct from the specified label

func (Context) Get ¶

func (c Context) Get() string

Get returns the Context as a string

Source Files ¶

selinux.go xattrs.go

Directories ¶

Path	Synopsis
go-selinux/label

Version: v1.0.0-rc1
Published: Mar 22, 2017
Platform: linux/amd64
Imports: 13 packages
Last checked: 5 hours ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples