Package selinux contains wrapper functions for the libcontainer SELinux package. A NOP implementation is provided for non-Linux platforms.
func SELinuxEnabled
func SELinuxEnabled() bool
SELinuxEnabled returns whether SELinux is enabled on the system. SELinux has a tri-state:
1. disabled: SELinux kernel modules not loaded, SELinux policy is not checked during kernel MAC checks
2. enforcing: Enabled; SELinux policy violations are denied and logged in the audit log
3. permissive: Enabled, but SELinux policy violations are permitted and logged in the audit log
SELinuxEnabled returns true if SELinux is enforcing or permissive, and false if it is disabled.
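The tri-state above, as an added example that is not this package's or libcontainer's code: it classifies the mode from the `enforce` file of a selinuxfs mount (assumed to be at /sys/fs/selinux) and shows why a true "enabled" result alone does not mean violations are denied. The names `State` and `ReadState`, and the rule that a missing `enforce` file means disabled, are assumptions of this example.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// State is the SELinux tri-state described above (hypothetical type).
type State int

const (
	Disabled State = iota
	Permissive
	Enforcing
)

func (s State) String() string { return [...]string{"disabled", "permissive", "enforcing"}[s] }

// Enabled mirrors the documented SELinuxEnabled semantics: true for enforcing
// or permissive. Callers that rely on denials must compare against Enforcing.
func (s State) Enabled() bool { return s != Disabled }

// ReadState classifies the mode from a selinuxfs directory. Assumption of this
// example: a missing "enforce" file means disabled. The kernel exposes "1" for
// enforcing and "0" for permissive in that file.
func ReadState(selinuxfs string) (State, error) {
	b, err := os.ReadFile(filepath.Join(selinuxfs, "enforce"))
	if os.IsNotExist(err) {
		return Disabled, nil
	}
	if err != nil {
		return Disabled, err
	}
	switch strings.TrimSpace(string(b)) {
	case "1":
		return Enforcing, nil
	case "0":
		return Permissive, nil
	}
	return Disabled, fmt.Errorf("unexpected enforce value %q", b)
}

func main() {
	st, err := ReadState("/sys/fs/selinux")
	fmt.Printf("state=%s enabled=%v err=%v\n", st, st.Enabled(), err)
}
```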
type SELinuxRunner
Note: the libcontainer SELinux package is only built for Linux, so a NOP wrapper built for non-Linux platforms is necessary. It lets code that links to this package avoid differentiating its own methods for Linux and non-Linux platforms.
SELinuxRunner wraps certain libcontainer SELinux calls. For more information, see: