selinux

package
v1.9.1

This package is not in the latest version of its module.

Published: Dec 26, 2024 License: MPL-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package selinux provides generic code for managing SELinux.

Constants

This section is empty.

Variables

var IsEnabled = sync.OnceValue(func() bool {
	if _, err := os.Stat("/usr/etc/in-container"); err == nil {
		return false
	}

	val := procfs.ProcCmdline().Get(constants.KernelParamSELinux).First()

	return val != nil && *val == "1"
})

IsEnabled checks whether SELinux is enabled on the system by reading the kernel command line. It returns true if SELinux is enabled; otherwise it returns false. It always returns false inside a container, which it detects by the presence of /usr/etc/in-container. By default SELinux is disabled.

var IsEnforcing = sync.OnceValue(func() bool {
	if !IsEnabled() {
		return false
	}

	val := procfs.ProcCmdline().Get(constants.KernelParamSELinuxEnforcing).First()

	return val != nil && *val == "1"
})

IsEnforcing checks whether SELinux is enabled and the mode should be enforcing. By default, if SELinux is enabled, we consider it to be permissive.
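The combined decision made by IsEnabled and IsEnforcing, as an added example that is not the package's own code, showing which command lines end up disabled, permissive or enforcing. The parameter names "selinux" and "enforcing", the helpers firstValue and selinuxMode, and the whitespace-only tokenizer are assumptions; the page shows only the constant names and the procfs call.

```go
package main

import (
	"fmt"
	"strings"
)

// Assumed string values: the page shows only constants.KernelParamSELinux and
// constants.KernelParamSELinuxEnforcing, not what they expand to.
const paramSELinux, paramEnforcing = "selinux", "enforcing"

// firstValue returns the value of the first occurrence of key on the command
// line, standing in for Get(key).First() on the page. ok is false when that
// occurrence has no "=value" part or the key is absent. Quoted arguments that
// contain spaces are not handled (simplification).
func firstValue(cmdline, key string) (val string, ok bool) {
	for _, field := range strings.Fields(cmdline) {
		if k, v, hasValue := strings.Cut(field, "="); k == key {
			return v, hasValue
		}
	}
	return "", false
}

// selinuxMode (hypothetical helper) folds both checks into one result:
// "disabled", "permissive" or "enforcing".
func selinuxMode(cmdline string, inContainer bool) string {
	if inContainer { // stands in for the /usr/etc/in-container check
		return "disabled"
	}
	if v, ok := firstValue(cmdline, paramSELinux); !ok || v != "1" {
		return "disabled" // enforcing=1 alone never enables SELinux
	}
	if v, ok := firstValue(cmdline, paramEnforcing); ok && v == "1" {
		return "enforcing"
	}
	return "permissive" // enabled without enforcing=1
}

func main() {
	// Constructed command lines, not captured from a real system.
	for _, c := range []string{"console=ttyS0 selinux=1 enforcing=1",
		"console=ttyS0 selinux=1", "console=ttyS0 enforcing=1",
		"selinux=0 selinux=1 enforcing=1"} {
		fmt.Printf("%-40q -> %s\n", c, selinuxMode(c, false))
	}
}
```
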

Functions

func Init

func Init() error

Init initializes SELinux based on the configured mode. It loads the policy and enforces it if necessary.

func SetLabel

func SetLabel(filename string, label string) error

SetLabel sets the label for a file, directory or symlink (not following symlinks). It does not perform the operation if SELinux is disabled, or if the provided label is empty or already set.

Types

This section is empty.
