Documentation ¶
Overview ¶
Package selinux contains wrapper functions for the libcontainer SELinux package. A NOP implementation is provided for non-linux platforms.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SELinuxEnabled ¶
func SELinuxEnabled() bool
SELinuxEnabled returns whether SELinux is enabled on the system. SELinux has a tri-state:
- disabled: SELinux Kernel modules not loaded, SELinux policy is not checked during Kernel MAC checks
- enforcing: Enabled; SELinux policy violations are denied and logged in the audit log
- permissive: Enabled, but SELinux policy violations are permitted and logged in the audit log
SELinuxEnabled returns true if SELinux is enforcing or permissive, and false if it is disabled.
Types ¶
type SELinuxRunner ¶
type SELinuxRunner interface { // Getfilecon returns the SELinux context for the given path or returns an // error. Getfilecon(path string) (string, error) }
Note: the libcontainer SELinux package is only built for Linux, so it is necessary to have a NOP wrapper which is built for non-Linux platforms to allow code that links to this package not to differentiate its own methods for Linux and non-Linux platforms.
SELinuxRunner wraps certain libcontainer SELinux calls. For more information, see:
https://github.com/opencontainers/runc/blob/master/libcontainer/selinux/selinux.go
func NewSELinuxRunner ¶
func NewSELinuxRunner() SELinuxRunner
NewSELinuxRunner returns a new SELinuxRunner appropriate for the platform. On Linux, all methods short-circuit and return NOP values if SELinux is disabled. On non-Linux platforms, a NOP implementation is returned.