package selinux

import "k8s.io/kubernetes/pkg/util/selinux"

Package selinux contains wrapper functions for the libcontainer SELinux package. A NOP implementation is provided for non-linux platforms.

Index ¶

• func SELinuxEnabled() bool
• func SetFileLabel(path string, label string) error
• type SELinuxRunner
• func NewSELinuxRunner() SELinuxRunner

Functions ¶

func SELinuxEnabled ¶

func SELinuxEnabled() bool

SELinuxEnabled always returns false on non-linux platforms.

func SetFileLabel ¶

func SetFileLabel(path string, label string) error

FileLabel returns the SELinux label for this path or returns an error.

Types ¶

type SELinuxRunner ¶

type SELinuxRunner interface {
	// Getfilecon returns the SELinux context for the given path or returns an
	// error.
	Getfilecon(path string) (string, error)
}

Note: the libcontainer SELinux package is only built for Linux, so it is necessary to have a NOP wrapper which is built for non-Linux platforms to allow code that links to this package not to differentiate its own methods for Linux and non-Linux platforms.

SELinuxRunner wraps certain libcontainer SELinux calls. For more information, see:

https://github.com/opencontainers/runc/blob/master/libcontainer/selinux/selinux.go

func NewSELinuxRunner ¶

func NewSELinuxRunner() SELinuxRunner

NewSELinuxRunner returns a new SELinuxRunner appropriate for the platform. On Linux, all methods short-circuit and return NOP values if SELinux is disabled. On non-Linux platforms, a NOP implementation is returned.

Source Files ¶

doc.go selinux.go selinux_unsupported.go