SELinux policy management

SELinux policy management — Read SELinux policy and manage filesystem labels

Synopsis

typedef             OstreeSePolicy;
OstreeSePolicy *    ostree_sepolicy_new                 (GFile *path,
                                                         GCancellable *cancellable,
                                                         GError **error);
GFile *             ostree_sepolicy_get_path            (OstreeSePolicy *self);
const char *        ostree_sepolicy_get_name            (OstreeSePolicy *self);
gboolean            ostree_sepolicy_get_label           (OstreeSePolicy *self,
                                                         const char *relpath,
                                                         guint32 unix_mode,
                                                         char **out_label,
                                                         GCancellable *cancellable,
                                                         GError **error);
enum                OstreeSePolicyRestoreconFlags;
gboolean            ostree_sepolicy_restorecon          (OstreeSePolicy *self,
                                                         const char *path,
                                                         GFileInfo *info,
                                                         GFile *target,
                                                         OstreeSePolicyRestoreconFlags flags,
                                                         char **out_new_label,
                                                         GCancellable *cancellable,
                                                         GError **error);

Description

An OstreeSePolicy object can load the SELinux policy from a given root and perform labeling.

Details

OstreeSePolicy

typedef struct OstreeSePolicy OstreeSePolicy;

ostree_sepolicy_new ()

OstreeSePolicy *    ostree_sepolicy_new                 (GFile *path,
                                                         GCancellable *cancellable,
                                                         GError **error);

path :

Path to a root directory

Returns :

An accessor object for SELinux policy in root located at path. [transfer full]

ostree_sepolicy_get_path ()

GFile *             ostree_sepolicy_get_path            (OstreeSePolicy *self);

Returns :

Path to rootfs. [transfer none]

ostree_sepolicy_get_name ()

const char *        ostree_sepolicy_get_name            (OstreeSePolicy *self);

ostree_sepolicy_get_label ()

gboolean            ostree_sepolicy_get_label           (OstreeSePolicy *self,
                                                         const char *relpath,
                                                         guint32 unix_mode,
                                                         char **out_label,
                                                         GCancellable *cancellable,
                                                         GError **error);

Store in out_label the security context for the given relpath and mode unix_mode. If the policy does not specify a label, out_label is set to NULL, so callers should check it for NULL before using it.

self :

Self

relpath :

Path

unix_mode :

Unix mode

out_label :

Return location for security context. [allow-none][out][transfer full]

cancellable :

Cancellable

error :

Error

enum OstreeSePolicyRestoreconFlags

/* Bit flags accepted by the flags parameter of ostree_sepolicy_restorecon().
 * The non-zero values are distinct single bits, so they can be combined
 * with bitwise OR. */
typedef enum {
  /* No initializer, so this is 0: no flag bits set. */
  OSTREE_SEPOLICY_RESTORECON_FLAGS_NONE,
  /* Bit 0. NOTE(review): not described on this page; going by the name,
   * presumably tolerates a path for which the policy has no label, which
   * would leave the target without a policy-assigned context. Confirm
   * against the implementation. */
  OSTREE_SEPOLICY_RESTORECON_FLAGS_ALLOW_NOLABEL = (1 << 0),
  /* Bit 1. NOTE(review): not described on this page; going by the name,
   * presumably leaves a label already present on the target in place, so
   * an existing label that disagrees with the policy would not be
   * corrected. Confirm against the implementation. */
  OSTREE_SEPOLICY_RESTORECON_FLAGS_KEEP_EXISTING = (1 << 1)
} OstreeSePolicyRestoreconFlags;

OSTREE_SEPOLICY_RESTORECON_FLAGS_NONE

OSTREE_SEPOLICY_RESTORECON_FLAGS_ALLOW_NOLABEL

OSTREE_SEPOLICY_RESTORECON_FLAGS_KEEP_EXISTING


ostree_sepolicy_restorecon ()

gboolean            ostree_sepolicy_restorecon          (OstreeSePolicy *self,
                                                         const char *path,
                                                         GFileInfo *info,
                                                         GFile *target,
                                                         OstreeSePolicyRestoreconFlags flags,
                                                         char **out_new_label,
                                                         GCancellable *cancellable,
                                                         GError **error);

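Reset the security context of target based on the SELinux policy. The policy lookup uses path, while the label is applied to the file at target, so the caller is responsible for passing a path that corresponds to target.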

self :

Self

path :

Path string to use for policy lookup

info :

File attributes. [allow-none]

target :

Physical path to target file

flags :

Flags controlling behavior

out_new_label :

New label, or NULL if unchanged. [allow-none][out]

cancellable :

Cancellable

error :

Error