selinux

package
v0.9.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 23, 2020 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Overview

Package selinux contains wrapper functions for the libcontainer SELinux package. A NOP implementation is provided for non-linux platforms.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func SELinuxEnabled

func SELinuxEnabled() bool

SELinuxEnabled returns whether SELinux is enabled on the system. SELinux has a tri-state:

  1. disabled: SELinux Kernel modules not loaded, SELinux policy is not checked during Kernel MAC checks
  2. enforcing: Enabled; SELinux policy violations are denied and logged in the audit log
  3. permissive: Enabled, but SELinux policy violations are permitted and logged in the audit log

SELinuxEnabled returns true if SELinux is enforcing or permissive, and false if it is disabled.

Types

type SELinuxRunner

type SELinuxRunner interface {
	// Getfilecon returns the SELinux context for the given path or returns an
	// error.
	Getfilecon(path string) (string, error)
}

Note: the libcontainer SELinux package is only built for Linux, so it is necessary to have a NOP wrapper which is built for non-Linux platforms to allow code that links to this package not to differentiate its own methods for Linux and non-Linux platforms.

SELinuxRunner wraps certain libcontainer SELinux calls. For more information, see:

https://github.com/opencontainers/runc/blob/master/libcontainer/selinux/selinux.go

func NewSELinuxRunner

func NewSELinuxRunner() SELinuxRunner

NewSELinuxRunner returns a new SELinuxRunner appropriate for the platform. On Linux, all methods short-circuit and return NOP values if SELinux is disabled. On non-Linux platforms, a NOP implementation is returned.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL