Merge pull request #435 from pmorie/selinux-doc
Add godoc for selinux package
This commit is contained in:
commit
83663f82e3
|
@ -37,8 +37,8 @@ var (
|
||||||
spaceRegex = regexp.MustCompile(`^([^=]+) (.*)$`)
|
spaceRegex = regexp.MustCompile(`^([^=]+) (.*)$`)
|
||||||
mcsList = make(map[string]bool)
|
mcsList = make(map[string]bool)
|
||||||
selinuxfs = "unknown"
|
selinuxfs = "unknown"
|
||||||
selinuxEnabled = false
|
selinuxEnabled = false // Stores whether selinux is currently enabled
|
||||||
selinuxEnabledChecked = false
|
selinuxEnabledChecked = false // Stores whether selinux enablement has been checked or established yet
|
||||||
)
|
)
|
||||||
|
|
||||||
type SELinuxContext map[string]string
|
type SELinuxContext map[string]string
|
||||||
|
@ -48,6 +48,11 @@ func SetDisabled() {
|
||||||
selinuxEnabled, selinuxEnabledChecked = false, true
|
selinuxEnabled, selinuxEnabledChecked = false, true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// getSelinuxMountPoint returns the path to the mountpoint of an selinuxfs
|
||||||
|
// filesystem or an empty string if no mountpoint is found. Selinuxfs is
|
||||||
|
// a proc-like pseudo-filesystem that exposes the selinux policy API to
|
||||||
|
// processes. The existence of an selinuxfs mount is used to determine
|
||||||
|
// whether selinux is currently enabled or not.
|
||||||
func getSelinuxMountPoint() string {
|
func getSelinuxMountPoint() string {
|
||||||
if selinuxfs != "unknown" {
|
if selinuxfs != "unknown" {
|
||||||
return selinuxfs
|
return selinuxfs
|
||||||
|
@ -74,6 +79,7 @@ func getSelinuxMountPoint() string {
|
||||||
return selinuxfs
|
return selinuxfs
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// SelinuxEnabled returns whether selinux is currently enabled.
|
||||||
func SelinuxEnabled() bool {
|
func SelinuxEnabled() bool {
|
||||||
if selinuxEnabledChecked {
|
if selinuxEnabledChecked {
|
||||||
return selinuxEnabled
|
return selinuxEnabled
|
||||||
|
@ -145,11 +151,12 @@ func readCon(name string) (string, error) {
|
||||||
return val, err
|
return val, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Setfilecon sets the SELinux label for this path or returns an error.
|
||||||
func Setfilecon(path string, scon string) error {
|
func Setfilecon(path string, scon string) error {
|
||||||
return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0)
|
return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Return the SELinux label for this path
|
// Getfilecon returns the SELinux label for this path or returns an error.
|
||||||
func Getfilecon(path string) (string, error) {
|
func Getfilecon(path string) (string, error) {
|
||||||
con, err := system.Lgetxattr(path, xattrNameSelinux)
|
con, err := system.Lgetxattr(path, xattrNameSelinux)
|
||||||
return string(con), err
|
return string(con), err
|
||||||
|
@ -163,11 +170,12 @@ func Getfscreatecon() (string, error) {
|
||||||
return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", syscall.Gettid()))
|
return readCon(fmt.Sprintf("/proc/self/task/%d/attr/fscreate", syscall.Gettid()))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Return the SELinux label of the current process thread.
|
// Getcon returns the SELinux label of the current process thread, or an error.
|
||||||
func Getcon() (string, error) {
|
func Getcon() (string, error) {
|
||||||
return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", syscall.Gettid()))
|
return readCon(fmt.Sprintf("/proc/self/task/%d/attr/current", syscall.Gettid()))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Getpidcon returns the SELinux label of the given pid, or an error.
|
||||||
func Getpidcon(pid int) (string, error) {
|
func Getpidcon(pid int) (string, error) {
|
||||||
return readCon(fmt.Sprintf("/proc/%d/attr/current", pid))
|
return readCon(fmt.Sprintf("/proc/%d/attr/current", pid))
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue