selinux

package
v1.9.0-beta.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 2, 2024 License: MPL-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package selinux provides generic code for managing SELinux.

Index

Constants

This section is empty.

Variables

View Source 
var IsEnabled = sync.OnceValue(func() bool {
	if _, err := os.Stat("/usr/etc/in-container"); err == nil {
		return false
	}

	val := procfs.ProcCmdline().Get(constants.KernelParamSELinux).First()

	return val != nil && *val == "1"
})

IsEnabled checks if SELinux is enabled on the system by reading the kernel command line. It returns true if SELinux is enabled, otherwise it returns false. It also ensures we're not in a container. By default SELinux is disabled.

View Source 
var IsEnforcing = sync.OnceValue(func() bool {
	if !IsEnabled() {
		return false
	}

	val := procfs.ProcCmdline().Get(constants.KernelParamSELinuxEnforcing).First()

	return val != nil && *val == "1"
})

IsEnforcing checks if SELinux is enabled and the mode should be enforcing. By default if SELinux is enabled we consider it to be permissive.

Functions

func Init 

func Init() error

Init initializes SELinux based on the configured mode. It loads the policy and enforces it if necessary.

func SetLabel 

func SetLabel(filename string, label string) error

SetLabel sets label for file, directory or symlink (not following symlinks) It does not perform the operation in case SELinux is disabled, provided label is empty or already set.

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.