Version: v1.23.2 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jan 19, 2022 License: Apache-2.0 Imports: 1 Imported by: 30



Package selinux contains wrapper functions for the libcontainer SELinux package. A NOP implementation is provided for non-linux platforms.



This section is empty.


This section is empty.


func SELinuxEnabled added in v1.5.0

func SELinuxEnabled() bool

SELinuxEnabled returns whether SELinux is enabled on the system. SELinux has a tri-state:

1. disabled: SELinux Kernel modules not loaded, SELinux policy is not

checked during Kernel MAC checks

2. enforcing: Enabled; SELinux policy violations are denied and logged

in the audit log

3. permissive: Enabled, but SELinux policy violations are permitted and

logged in the audit log

SELinuxEnabled returns true if SELinux is enforcing or permissive, and false if it is disabled.

func SetFileLabel added in v1.15.0

func SetFileLabel(path string, label string) error

SetFileLabel applies the SELinux label on the path or returns an error.


type SELinuxRunner added in v1.5.0

type SELinuxRunner interface {
	// Getfilecon returns the SELinux context for the given path or returns an
	// error.
	Getfilecon(path string) (string, error)

Note: the libcontainer SELinux package is only built for Linux, so it is necessary to have a NOP wrapper which is built for non-Linux platforms to allow code that links to this package not to differentiate its own methods for Linux and non-Linux platforms.

SELinuxRunner wraps certain libcontainer SELinux calls. For more information, see:

func NewSELinuxRunner added in v1.5.0

func NewSELinuxRunner() SELinuxRunner

NewSELinuxRunner returns a new SELinuxRunner appropriate for the platform. On Linux, all methods short-circuit and return NOP values if SELinux is disabled. On non-Linux platforms, a NOP implementation is returned.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL