package selinux
import "k8s.io/kubernetes/pkg/util/selinux"
Package selinux contains wrapper functions for the libcontainer SELinux package. A NOP implementation is provided for non-linux platforms.
Index ¶
Functions ¶
func SELinuxEnabled ¶
func SELinuxEnabled() bool
SELinuxEnabled returns whether SELinux is enabled on the system. SELinux has a tri-state:
- disabled: SELinux Kernel modules not loaded, SELinux policy is not checked during Kernel MAC checks
- enforcing: Enabled; SELinux policy violations are denied and logged in the audit log
- permissive: Enabled, but SELinux policy violations are permitted and logged in the audit log
SELinuxEnabled returns true if SELinux is enforcing or permissive, and false if it is disabled.
func SetFileLabel ¶
SetFileLabel applies the SELinux label on the path or returns an error.
Types ¶
type SELinuxRunner ¶
type SELinuxRunner interface {
// Getfilecon returns the SELinux context for the given path or returns an
// error.
Getfilecon(path string) (string, error)
}
Note: the libcontainer SELinux package is only built for Linux, so it is necessary to have a NOP wrapper which is built for non-Linux platforms to allow code that links to this package not to differentiate its own methods for Linux and non-Linux platforms.
SELinuxRunner wraps certain libcontainer SELinux calls. For more information, see:
https://github.com/opencontainers/runc/blob/master/libcontainer/selinux/selinux.go
func NewSELinuxRunner ¶
func NewSELinuxRunner() SELinuxRunner
NewSELinuxRunner returns a new SELinuxRunner appropriate for the platform. On Linux, all methods short-circuit and return NOP values if SELinux is disabled. On non-Linux platforms, a NOP implementation is returned.
Source Files ¶
doc.go selinux.go selinux_linux.go
- Version
- v1.15.6
- Published
- Nov 9, 2019
- Platform
- linux/amd64
- Imports
- 1 packages
- Last checked
- 19 minutes ago –
Tools for package owners.