Crate selinux

Re-exports

pub use security_server::SecurityServer;

Modules

permission_check
policy
security_server

Structs

FileSystemLabel
FileSystemMountOptions
SELinux security context-related filesystem mount options. These options are documented in the context=context, fscontext=context, defcontext=context, and rootcontext=context section of the mount(8) manpage.
FileSystemMountSids
NullessByteStr
A borrowed byte slice that is guaranteed to contain no NUL characters: the input slice is truncated at the first NUL (if any) upon construction.
SeLinuxStatus
Status information parameter for the SeLinuxStatusPublisher interface.
SecurityId
The Security ID (SID) used internally to refer to a security context.

Enums

AbstractObjectClass
A class that may appear in SELinux policy or an access vector cache query.
AbstractPermission
A permission that may appear in SELinux policy or an access vector cache query.
AnonFsNodePermission
A well-known “anon_file” class permission used to manage special file-like nodes not linked into any directory structures.
BlockFilePermission
A well-known “blk_file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
Cap2Class
Covers the set of classes that inherit from the common “cap2” symbol (e.g. “capability2” for now and “cap2_userns” after Starnix gains user namespacing support).
CapClass
Covers the set of classes that inherit from the common “cap” symbol (e.g. “capability” for now and “cap_userns” after Starnix gains user namespacing support).
Capability2Permission
A well-known “capability2” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
CapabilityPermission
A well-known “capability” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
CharacterFilePermission
A well-known “chr_file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
CommonCap2Permission
Permissions common to all cap2-like object classes (e.g. “capability2” for now and “cap2_userns” after Starnix gains user namespacing support). These are combined with a specific Capability2Class by policy enforcement hooks, to obtain class-affine permission values to check.
CommonCapPermission
Permissions common to all cap-like object classes (e.g. “capability” for now and “cap_userns” after Starnix gains user namespacing support). These are combined with a specific CapabilityClass by policy enforcement hooks, to obtain class-affine permission values to check.
CommonFilePermission
Permissions common to all file-like object classes (e.g. “lnk_file”, “dir”). These are combined with a specific FileClass by policy enforcement hooks, to obtain class-affine permission values to check.
CommonFsNodePermission
Permissions meaningful for all crate::vfs::FsNode instances, whether file- or socket-like.
CommonSocketPermission
Permissions common to all socket-like object classes. These are combined with a specific SocketClass by policy enforcement hooks, to obtain class-affine permission values.
DirPermission
A well-known “dir” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
FdPermission
A well-known “fd” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
FifoFilePermission
A well-known “fifo_file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
FileClass
A well-known file-like class in SELinux policy that has a particular meaning in policy enforcement hooks.
FilePermission
A well-known “file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
FileSystemLabelingScheme
FileSystemPermission
A well-known “filesystem” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
FsNodeClass
Container for a security class that could be associated with a crate::vfs::FsNode, to allow permissions common to both file-like and socket-like classes to be generated easily by hooks.
InitialSid
Initial Security Identifier (SID) values actually used by this implementation. These must be present in the policy for it to be valid.
LinkFilePermission
A well-known “lnk_file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
ObjectClass
A well-known class in SELinux policy that has a particular meaning in policy enforcement hooks.
Permission
A well-known (class, permission) pair in SELinux policy that has a particular meaning in policy enforcement hooks.
ProcessPermission
A well-known “process” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
SecurityPermission
A well-known “security” class permission in SELinux policy, used to control access to sensitive administrative and query API surfaces in the “selinuxfs”.
SockFilePermission
A well-known “sock_file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
SocketClass
Distinguishes socket-like kernel object classes defined in SELinux policy.
SocketPermission
A well-known “socket” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.

Constants

FIRST_UNUSED_SID
Lowest Security Identifier value guaranteed not to be used by this implementation to refer to an initial Security Context.

Traits

ClassPermission
SeLinuxStatusPublisher
Interface for the security server to interact with the selinuxfs status file.