SELinux security context-related filesystem mount options. These options are documented in the
context=context, fscontext=context, defcontext=context, and rootcontext=context section of
the mount(8) manpage.

Covers the set of classes that inherit from the common “cap2” symbol (e.g. “capability2” for
now and “cap2_userns” after Starnix gains user namespacing support).

Covers the set of classes that inherit from the common “cap” symbol (e.g. “capability” for
now and “cap_userns” after Starnix gains user namespacing support).

Permissions common to all cap2-like object classes (e.g. “capability2” for now and
“cap2_userns” after Starnix gains user namespacing support). These are combined with a
specific Capability2Class by policy enforcement hooks, to obtain class-affine permission
values to check.

Permissions common to all cap-like object classes (e.g. “capability” for now and
“cap_userns” after Starnix gains user namespacing support). These are combined with a
specific CapabilityClass by policy enforcement hooks, to obtain class-affine permission
values to check.

Permissions common to all file-like object classes (e.g. “lnk_file”, “dir”). These are
combined with a specific FileClass by policy enforcement hooks, to obtain class-affine
permission values to check.

Permissions common to all socket-like object classes. These are combined with a specific
SocketClass by policy enforcement hooks, to obtain class-affine permission values.

Container for a security class that could be associated with a [crate::vfs::FsNode], to allow
permissions common to both file-like and socket-like classes to be generated easily by hooks.

A well-known “security” class permission in SELinux policy, used to control access to
sensitive administrative and query API surfaces in the “selinuxfs”.