Crate selinux Copy item path
Summary Source pub use security_server::SecurityServer ;permission_check policy security_server FileSystemLabel FileSystemMountOptions SELinux security context-related filesystem mount options. These options are documented in the
context=context, fscontext=context, defcontext=context, and rootcontext=context section of
the mount(8) manpage. FileSystemMountSids NullessByteStr A borrowed byte slice that contains no NUL characters by truncating the input slice at the
first NUL (if any) upon construction. SeLinuxStatus Status information parameter for the SeLinuxStatusPublisher SecurityId The Security ID (SID) used internally to refer to a security context. AbstractObjectClass A class that may appear in SELinux policy or an access vector cache query. AbstractPermission A permission that may appear in SELinux policy or an access vector cache query. AnonFsNodePermission A well-known “anon_file” class permission used to manage special file-like nodes not linked
into any directory structures. BlockFilePermission A well-known “blk_file” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. BpfPermission A well-known “bpf” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. Cap2Class Covers the set of classes that inherit from the common “cap2” symbol (e.g. “capability2” for
now and “cap2_userns” after Starnix gains user namespacing support). CapClass Covers the set of classes that inherit from the common “cap” symbol (e.g. “capability” for
now and “cap_userns” after Starnix gains user namespacing support). Capability2Permission A well-known “capability2” class permission in SELinux policy that has a particular meaning
in policy enforcement hooks. CapabilityPermission A well-known “capability” class permission in SELinux policy that has a particular meaning
in policy enforcement hooks. CharacterFilePermission A well-known “chr_file” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. CommonCap2Permission Permissions common to all cap2-like object classes (e.g. “capability2” for now and
“cap2_userns” after Starnix gains user namespacing support). These are combined with a
specific Capability2Class by policy enforcement hooks, to obtain class-affine permission
values to check. CommonCapPermission Permissions common to all cap-like object classes (e.g. “capability” for now and
“cap_userns” after Starnix gains user namespacing support). These are combined with a
specific CapabilityClass by policy enforcement hooks, to obtain class-affine permission
values to check. CommonFilePermission Permissions common to all file-like object classes (e.g. “lnk_file”, “dir”). These are
combined with a specific FileClass by policy enforcement hooks, to obtain class-affine
permission values to check. CommonFsNodePermission Permissions meaningful for all [crate::vfs::FsNode]s, whether file- or socket-like. CommonSocketPermission Permissions common to all socket-like object classes. These are combined with a specific
SocketClass by policy enforcement hooks, to obtain class-affine permission values. DirPermission A well-known “dir” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. FdPermission A well-known “fd” class permission in SELinux policy that has a particular meaning in policy
enforcement hooks. FifoFilePermission A well-known “fifo_file” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. FileClass A well-known file-like class in SELinux policy that has a particular meaning in policy
enforcement hooks. FilePermission A well-known “file” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. FileSystemLabelingScheme FileSystemPermission A well-known “filesystem” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. FsNodeClass Container for a security class that could be associated with a [crate::vfs::FsNode], to allow
permissions common to both file-like and socket-like classes to be generated easily by hooks. InitialSid Initial Security Identifier (SID) values actually used by this implementation.
These must be present in the policy, for it to be valid. KeySocketPermission A well-known “key_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. LinkFilePermission A well-known “lnk_file” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkAuditSocketPermission A well-known “netlink_audit_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkConnectorSocketPermission A well-known “netlink_connector_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkCryptoSocketPermission A well-known “netlink_crypto_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkDnrtSocketPermission A well-known “netlink_dnrt_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkFibLookupSocketPermission A well-known “netlink_fib_lookup_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkFirewallSocketPermission A well-known “netlink_firewall_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkGenericSocketPermission A well-known “netlink_generic_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkIp6FwSocketPermission A well-known “netlink_ip6fw_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkIscsiSocketPermission A well-known “netlink_iscsi_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkKobjectUeventSocketPermission A well-known “netlink_kobject_uevent_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkNetfilterSocketPermission A well-known “netlink_netfilter_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkNflogSocketPermission A well-known “netlink_nflog_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkRdmaSocketPermission A well-known “netlink_rdma_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkRouteSocketPermission A well-known “netlink_route_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkScsitransportSocketPermission A well-known “netlink_scsitransport_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkSelinuxSocketPermission A well-known “netlink_selinux_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkSocketPermission A well-known “netlink_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkTcpDiagSocketPermission A well-known “netlink_tcpdiag_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. NetlinkXfrmSocketPermission A well-known “netlink_xfrm_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. ObjectClass A well-known class in SELinux policy that has a particular meaning in policy enforcement
hooks. PacketSocketPermission A well-known “packet_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. Permission A well-known (class, permission) pair in SELinux policy that has a particular meaning in
policy enforcement hooks. ProcessPermission A well-known “process” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. RawIpSocketPermission A well-known “rawip_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. SecurityPermission A well-known “security” class permission in SELinux policy, used to control access to
sensitive administrative and query API surfaces in the “selinuxfs”. SockFilePermission A well-known “sock_file” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. SocketClass Distinguishes socket-like kernel object classes defined in SELinux policy. SocketPermission A well-known “socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. TcpSocketPermission A well-known “tcp_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. UdpSocketPermission A well-known “udp_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. UnixDgramSocketPermission A well-known “unix_dgram_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. UnixStreamSocketPermission A well-known “unix_stream_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. VsockSocketPermission A well-known “vsock_socket” class permission in SELinux policy that has a particular meaning in
policy enforcement hooks. FIRST_UNUSED_SID Lowest Security Identifier value guaranteed not to be used by this
implementation to refer to an initial Security Context. ClassPermission SeLinuxStatusPublisher Interface for security server to interact with selinuxfs status file.