Merge pull request #435 from pmorie/selinux-doc

Add godoc for selinux package
This commit is contained in:
Mrunal Patel 2015-03-06 12:33:03 -08:00
commit 83663f82e3
1 changed files with 12 additions and 4 deletions


@ -37,8 +37,8 @@ var (
spaceRegex = regexp.MustCompile(`^([^=]+) (.*)$`) spaceRegex = regexp.MustCompile(`^([^=]+) (.*)$`)
mcsList = make(map[string]bool) mcsList = make(map[string]bool)
selinuxfs = "unknown" selinuxfs = "unknown"
selinuxEnabled = false selinuxEnabled = false // Stores whether selinux is currently enabled
selinuxEnabledChecked = false selinuxEnabledChecked = false // Stores whether selinux enablement has been checked or established yet
) )
type SELinuxContext map[string]string type SELinuxContext map[string]string
@ -48,6 +48,11 @@ func SetDisabled() {
selinuxEnabled, selinuxEnabledChecked = false, true selinuxEnabled, selinuxEnabledChecked = false, true
} }
// getSelinuxMountPoint returns the path to the mountpoint of an selinuxfs
// filesystem or an empty string if no mountpoint is found. Selinuxfs is
// a proc-like pseudo-filesystem that exposes the selinux policy API to
// processes. The existence of an selinuxfs mount is used to determine
// whether selinux is currently enabled or not.
func getSelinuxMountPoint() string { func getSelinuxMountPoint() string {
if selinuxfs != "unknown" { if selinuxfs != "unknown" {
return selinuxfs return selinuxfs
@ -74,6 +79,7 @@ func getSelinuxMountPoint() string {
return selinuxfs return selinuxfs
} }
// SelinuxEnabled returns whether selinux is currently enabled.
func SelinuxEnabled() bool { func SelinuxEnabled() bool {
if selinuxEnabledChecked { if selinuxEnabledChecked {
return selinuxEnabled return selinuxEnabled
@ -145,11 +151,12 @@ func readCon(name string) (string, error) {
return val, err return val, err
} }
// Setfilecon sets the SELinux label for this path or returns an error.
func Setfilecon(path string, scon string) error { func Setfilecon(path string, scon string) error {
return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0) return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0)
} }
// Return the SELinux label for this path // Getfilecon returns the SELinux label for this path or returns an error.
func Getfilecon(path string) (string, error) { func Getfilecon(path string) (string, error) {
con, err := system.Lgetxattr(path, xattrNameSelinux) con, err := system.Lgetxattr(path, xattrNameSelinux)
return string(con), err return string(con), err
@ -163,11 +170,12 @@ func Getfscreatecon() (string, error) {
return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", syscall.Gettid())) return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", syscall.Gettid()))
} }
// Return the SELinux label of the current process thread. // Getcon returns the SELinux label of the current process thread, or an error.
func Getcon() (string, error) { func Getcon() (string, error) {
return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", syscall.Gettid())) return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", syscall.Gettid()))
} }
// Getpidcon returns the SELinux label of the given pid, or an error.
func Getpidcon(pid int) (string, error) { func Getpidcon(pid int) (string, error) {
return readCon(fmt.Sprintf("/proc/%d/attr/current", pid)) return readCon(fmt.Sprintf("/proc/%d/attr/current", pid))
} }
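Review bot: The new comment on Getcon describes the result as the label of "the current process thread", but the body reads `/proc/self/task/<tid>/attr/current` using `syscall.Gettid()`, and a goroutine is only bound to a fixed OS thread while the caller holds `runtime.LockOSThread`, so the godoc should state that precondition, e.g. `// Getcon returns the SELinux label of the calling OS thread; the caller must have called runtime.LockOSThread for the result to belong to its own goroutine.` The same caveat applies to Getfscreatecon, whose doc comment sits just above the last hunk and is not visible here. Separately, Setfilecon's new comment could say that it goes through `system.Lsetxattr` and, assuming that wraps lsetxattr(2), labels a symbolic link itself rather than its target, a distinction worth spelling out for callers that label paths they do not fully control. The bodies of Getcon, Getpidcon and Setfilecon are complete within their hunks, but readCon and getSelinuxMountPoint continue outside the section.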