Crate selinux_sys[−][src]

`selinux-sys`: Unsafe Rust bindings for `libselinux`

SELinux is a flexible Mandatory Access Control (MAC) for Linux.

This crate exposes neither deprecated nor undocumented SELinux API functions and types.

This crate is Linux-specific. Building it for non-Linux platforms, or for the Linux kernel, results in an empty crate.

Supported environment variables

This crate depends on some environment variables, and variants of those. For each environment variable (e.g., CC), the following are the accepted variants of it:

<var>_<target>, e.g., CC_aarch64-unknown-linux-gnu.
<var>_<target-with-underscores>, e.g., CC_aarch64_unknown_linux_gnu.
TARGET_<var>, e.g., TARGET_CC.
<var>, e.g., CC.

The following environment variables (and their variants) affect how this crate is built:

SELINUX_STATIC
SELINUX_PATH
SELINUX_INCLUDE_DIR
SELINUX_LIB_DIR
CC
CFLAGS

Dynamic or static linking

This crate links to libselinux dynamically if possible, except when targeting platforms based on the musl C library.

This behavior can be changed either by setting the environment variable SELINUX_STATIC to 1, or by enabling the crate feature static. If both are defined, then the value of SELINUX_STATIC takes precedence.

Setting SELINUX_STATIC to 0 mandates dynamic linking.

Finding SELinux library and headers

By default, this crate finds SELinux headers and library based on the default target C compiler.

This behavior can be changed by:

Either defining the environment variable SELINUX_PATH to the path of a directory containing the sub-directories include and lib where the headers and library are installed.
Or by defining one or both of the environment variables SELINUX_INCLUDE_DIR and SELINUX_LIB_DIR to paths to the directories where headers and library are present. If SELINUX_PATH is also defined, then SELINUX_INCLUDE_DIR and SELINUX_LIB_DIR take precedence.

Depending on this crate

This crate provides the following variables to other crates that depend on it:

DEP_SELINUX_INCLUDE: Path of the directory where library C header files reside.
DEP_SELINUX_LIB: Path of the directory where the library binary resides.

Versioning

This project adheres to Semantic Versioning. The CHANGELOG.md file details notable changes over time.

Modules

digest_result
selabel_cmp_result

Structs

SELboolean
av_decision
avc_cache_stats
avc_entry
avc_entry_ref
avc_lock_callback
avc_log_callback
avc_memory_callback
avc_thread_callback
context_s_t
dir_xattr
security_class_mapping
security_id
selabel_handle
selinux_opt

Constants

AVC_CACHE_STATS
AVC_CALLBACK_AUDITALLOW_DISABLE
AVC_CALLBACK_AUDITALLOW_ENABLE
AVC_CALLBACK_AUDITDENY_DISABLE
AVC_CALLBACK_AUDITDENY_ENABLE
AVC_CALLBACK_GRANT
AVC_CALLBACK_RESET
AVC_CALLBACK_REVOKE
AVC_CALLBACK_TRY_REVOKE
AVC_OPT_SETENFORCE
AVC_OPT_UNUSED
MATCHPATHCON_BASEONLY
MATCHPATHCON_NOTRANS
MATCHPATHCON_VALIDATE
SECSID_WILD	Unspecified SID.
SELABEL_CTX_ANDROID_PROP
SELABEL_CTX_ANDROID_SERVICE
SELABEL_CTX_DB
SELABEL_CTX_FILE
SELABEL_CTX_MEDIA
SELABEL_CTX_X
SELABEL_DB_BLOB
SELABEL_DB_COLUMN
SELABEL_DB_DATABASE
SELABEL_DB_DATATYPE
SELABEL_DB_EXCEPTION
SELABEL_DB_LANGUAGE
SELABEL_DB_PROCEDURE
SELABEL_DB_SCHEMA
SELABEL_DB_SEQUENCE
SELABEL_DB_TABLE
SELABEL_DB_TUPLE
SELABEL_DB_VIEW
SELABEL_NOPT
SELABEL_OPT_BASEONLY
SELABEL_OPT_DIGEST
SELABEL_OPT_PATH
SELABEL_OPT_SUBSET
SELABEL_OPT_UNUSED
SELABEL_OPT_VALIDATE
SELABEL_X_CLIENT
SELABEL_X_EVENT
SELABEL_X_EXT
SELABEL_X_POLYPROP
SELABEL_X_POLYSELN
SELABEL_X_PROP
SELABEL_X_SELN
SELINUX_AVC
SELINUX_AVD_FLAGS_PERMISSIVE
SELINUX_CB_AUDIT
SELINUX_CB_LOG
SELINUX_CB_POLICYLOAD
SELINUX_CB_SETENFORCE
SELINUX_CB_VALIDATE
SELINUX_DEFAULTUSER
SELINUX_ERROR
SELINUX_INFO
SELINUX_RESTORECON_ABORT_ON_ERROR
SELINUX_RESTORECON_ADD_ASSOC
SELINUX_RESTORECON_IGNORE_DIGEST
SELINUX_RESTORECON_IGNORE_MOUNTS
SELINUX_RESTORECON_IGNORE_NOENTRY
SELINUX_RESTORECON_LOG_MATCHES
SELINUX_RESTORECON_MASS_RELABEL
SELINUX_RESTORECON_NOCHANGE
SELINUX_RESTORECON_PROGRESS
SELINUX_RESTORECON_REALPATH
SELINUX_RESTORECON_RECURSE
SELINUX_RESTORECON_SET_SPECFILE_CTX
SELINUX_RESTORECON_SKIP_DIGEST
SELINUX_RESTORECON_SYSLOG_CHANGES
SELINUX_RESTORECON_VERBOSE
SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS
SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS
SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS
SELINUX_RESTORECON_XATTR_RECURSE
SELINUX_RESTORECON_XDEV
SELINUX_TRANS_DIR
SELINUX_WARNING

Functions

avc_add_callback ^⚠
avc_audit ^⚠
avc_av_stats ^⚠
avc_cache_stats ^⚠
avc_cleanup ^⚠
avc_compute_create ^⚠
avc_compute_member ^⚠
avc_context_to_sid ^⚠
avc_context_to_sid_raw ^⚠
avc_destroy ^⚠
avc_entry_ref_init ^⚠	Initialize an `avc_entry_ref` structure.
avc_get_initial_sid ^⚠
avc_has_perm ^⚠
avc_has_perm_noaudit ^⚠
avc_netlink_acquire_fd ^⚠
avc_netlink_check_nb ^⚠
avc_netlink_close ^⚠
avc_netlink_loop ^⚠
avc_netlink_open ^⚠
avc_netlink_release_fd ^⚠
avc_open ^⚠
avc_reset ^⚠
avc_sid_stats ^⚠
avc_sid_to_context ^⚠
avc_sid_to_context_raw ^⚠
context_free ^⚠
context_new ^⚠
context_range_get ^⚠
context_range_set ^⚠
context_role_get ^⚠
context_role_set ^⚠
context_str ^⚠
context_type_get ^⚠
context_type_set ^⚠
context_user_get ^⚠
context_user_set ^⚠
fgetfilecon ^⚠
fgetfilecon_raw ^⚠
fini_selinuxmnt ^⚠
freecon ^⚠
freeconary ^⚠
fsetfilecon ^⚠
fsetfilecon_raw ^⚠
get_default_context ^⚠
get_default_context_with_level ^⚠
get_default_context_with_role ^⚠
get_default_context_with_rolelevel ^⚠
get_default_type ^⚠
get_ordered_context_list ^⚠
get_ordered_context_list_with_level ^⚠
getcon ^⚠
getcon_raw ^⚠
getexeccon ^⚠
getexeccon_raw ^⚠
getfilecon ^⚠
getfilecon_raw ^⚠
getfscreatecon ^⚠
getfscreatecon_raw ^⚠
getkeycreatecon ^⚠
getkeycreatecon_raw ^⚠
getpeercon ^⚠
getpeercon_raw ^⚠
getpidcon ^⚠
getpidcon_raw ^⚠
getprevcon ^⚠
getprevcon_raw ^⚠
getseuserbyname ^⚠
getsockcreatecon ^⚠
getsockcreatecon_raw ^⚠
is_context_customizable ^⚠
is_selinux_enabled ^⚠
is_selinux_mls_enabled ^⚠
lgetfilecon ^⚠
lgetfilecon_raw ^⚠
lsetfilecon ^⚠
lsetfilecon_raw ^⚠
manual_user_enter_context ^⚠
matchmediacon ^⚠
matchpathcon_checkmatches ^⚠
matchpathcon_filespec_add ^⚠
matchpathcon_filespec_destroy ^⚠
matchpathcon_filespec_eval ^⚠
mode_to_security_class ^⚠
print_access_vector ^⚠
query_user_context ^⚠
security_av_perm_to_string ^⚠
security_av_string ^⚠
security_canonicalize_context ^⚠
security_canonicalize_context_raw ^⚠
security_check_context ^⚠
security_check_context_raw ^⚠
security_class_to_string ^⚠
security_commit_booleans ^⚠
security_compute_av ^⚠
security_compute_av_flags ^⚠
security_compute_av_flags_raw ^⚠
security_compute_av_raw ^⚠
security_compute_create ^⚠
security_compute_create_name ^⚠
security_compute_create_name_raw ^⚠
security_compute_create_raw ^⚠
security_compute_member ^⚠
security_compute_member_raw ^⚠
security_compute_relabel ^⚠
security_compute_relabel_raw ^⚠
security_deny_unknown ^⚠
security_disable ^⚠
security_get_boolean_active ^⚠
security_get_boolean_names ^⚠
security_get_boolean_pending ^⚠
security_get_checkreqprot ^⚠
security_get_initial_context ^⚠
security_get_initial_context_raw ^⚠
security_getenforce ^⚠
security_load_policy ^⚠
security_policyvers ^⚠
security_reject_unknown ^⚠
security_set_boolean ^⚠
security_set_boolean_list ^⚠
security_setenforce ^⚠
security_validatetrans ^⚠
security_validatetrans_raw ^⚠
selabel_close ^⚠
selabel_cmp ^⚠
selabel_digest ^⚠
selabel_get_digests_all_partial_matches ^⚠
selabel_hash_all_partial_matches ^⚠
selabel_lookup ^⚠
selabel_lookup_best_match ^⚠
selabel_lookup_best_match_raw ^⚠
selabel_lookup_raw ^⚠
selabel_open ^⚠
selabel_partial_match ^⚠
selabel_stats ^⚠
selinux_binary_policy_path ^⚠
selinux_boolean_sub ^⚠
selinux_booleans_subs_path ^⚠
selinux_check_access ^⚠
selinux_check_securetty_context ^⚠
selinux_colors_path ^⚠
selinux_contexts_path ^⚠
selinux_current_policy_path ^⚠
selinux_customizable_types_path ^⚠
selinux_default_context_path ^⚠
selinux_default_type_path ^⚠
selinux_failsafe_context_path ^⚠
selinux_file_context_cmp ^⚠
selinux_file_context_homedir_path ^⚠
selinux_file_context_local_path ^⚠
selinux_file_context_path ^⚠
selinux_file_context_subs_dist_path ^⚠
selinux_file_context_subs_path ^⚠
selinux_file_context_verify ^⚠
selinux_get_callback ^⚠
selinux_getenforcemode ^⚠
selinux_getpolicytype ^⚠
selinux_homedir_context_path ^⚠
selinux_init_load_policy ^⚠
selinux_lsetfilecon_default ^⚠
selinux_lxc_contexts_path ^⚠
selinux_media_context_path ^⚠
selinux_mkload_policy ^⚠
selinux_netfilter_context_path ^⚠
selinux_openrc_contexts_path ^⚠
selinux_openssh_contexts_path ^⚠
selinux_path ^⚠
selinux_policy_root ^⚠
selinux_raw_context_to_color ^⚠
selinux_raw_to_trans_context ^⚠
selinux_removable_context_path ^⚠
selinux_reset_config ^⚠
selinux_restorecon ^⚠
selinux_restorecon_default_handle ^⚠
selinux_restorecon_set_alt_rootpath ^⚠
selinux_restorecon_set_exclude_list ^⚠
selinux_restorecon_set_sehandle ^⚠
selinux_restorecon_xattr ^⚠
selinux_securetty_types_path ^⚠
selinux_sepgsql_context_path ^⚠
selinux_set_callback ^⚠
selinux_set_mapping ^⚠
selinux_set_policy_root ^⚠
selinux_snapperd_contexts_path ^⚠
selinux_status_close ^⚠
selinux_status_deny_unknown ^⚠
selinux_status_getenforce ^⚠
selinux_status_open ^⚠
selinux_status_policyload ^⚠
selinux_status_updated ^⚠
selinux_systemd_contexts_path ^⚠
selinux_trans_to_raw_context ^⚠
selinux_translations_path ^⚠
selinux_user_contexts_path ^⚠
selinux_usersconf_path ^⚠
selinux_virtual_domain_context_path ^⚠
selinux_virtual_image_context_path ^⚠
selinux_x_context_path ^⚠
set_matchpathcon_canoncon ^⚠
set_matchpathcon_flags ^⚠
set_matchpathcon_invalidcon ^⚠
set_matchpathcon_printf ^⚠
set_selinuxmnt ^⚠
setcon ^⚠
setcon_raw ^⚠
setexeccon ^⚠
setexeccon_raw ^⚠
setfilecon ^⚠
setfilecon_raw ^⚠
setfscreatecon ^⚠
setfscreatecon_raw ^⚠
setkeycreatecon ^⚠
setkeycreatecon_raw ^⚠
setsockcreatecon ^⚠
setsockcreatecon_raw ^⚠
string_to_av_perm ^⚠
string_to_security_class ^⚠

Type Definitions

__ino_t
__mode_t
__pid_t
__uint8_t
__uint32_t
access_vector_t
context_t
ino_t
mode_t
pid_t
security_class_t
security_id_t

Unions

selinux_callback

Crate selinux_sys⎘[−][src]

Crate selinux_sys[−][src]