Crate selinux

Re-exports

pub use security_server::SecurityServer;

Modules

permission_check
policy
security_server

Structs

FileSystemLabel
FileSystemMountOptions
SELinux security context-related filesystem mount options. These options are documented in the context=context, fscontext=context, defcontext=context, and rootcontext=context section of the mount(8) manpage.
NullessByteStr
A borrowed byte slice that contains no NUL characters by truncating the input slice at the first NUL (if any) upon construction.
SeLinuxStatus
Status information parameter for the SeLinuxStatusPublisher interface.
SecurityId
The Security ID (SID) used internally to refer to a security context.

Enums

AbstractObjectClass
A class that may appear in SELinux policy or an access vector cache query.
AbstractPermission
A permission that may appear in SELinux policy or an access vector cache query.
AnonFsNodePermission
A well-known “anon_file” class permission used to manage special file-like nodes not linked into any directory structures.
BlockFilePermission
A well-known “blk_file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
CharacterFilePermission
A well-known “chr_file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
CommonFilePermission
Permissions common to all file-like object classes (e.g. “lnk_file”, “dir”). These are combined with a specific FileClass by policy enforcement hooks, to obtain class-affine permission values to check.
DirPermission
A well-known “dir” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
FdPermission
A well-known “fd” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
FifoFilePermission
A well-known “fifo_file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
FileClass
A well-known file-like class in SELinux policy that has a particular meaning in policy enforcement hooks.
FilePermission
A well-known “file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
FileSystemLabelingScheme
FileSystemPermission
A well-known “filesystem” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
InitialSid
Initial Security Identifier (SID) values actually used by this implementation. These must be present in the policy for it to be valid.
LinkFilePermission
A well-known “lnk_file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
ObjectClass
A well-known class in SELinux policy that has a particular meaning in policy enforcement hooks.
Permission
A well-known (class, permission) pair in SELinux policy that has a particular meaning in policy enforcement hooks.
ProcessPermission
A well-known “process” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.
SecurityPermission
A well-known “security” class permission in SELinux policy, used to control access to sensitive administrative and query API surfaces in the “selinuxfs”.
SocketPermission
A well-known “sock_file” class permission in SELinux policy that has a particular meaning in policy enforcement hooks.

Constants

FIRST_UNUSED_SID
Lowest Security Identifier value guaranteed not to be used by this implementation to refer to an initial Security Context.

Traits

ClassPermission
SeLinuxStatusPublisher
Interface for security server to interact with selinuxfs status file.