Crate selinux_sys

Source
Expand description

crates.io docs.rs license

§selinux-sys: Unsafe Rust bindings for libselinux

SELinux is a flexible Mandatory Access Control (MAC) for Linux.

This crate exposes neither deprecated nor undocumented SELinux API functions and types.

This crate is Linux-specific. Building it for non-Linux platforms, or for the Linux kernel, results in an empty crate.

§Supported environment variables

This crate depends on some environment variables, and variants of those. For each environment variable (e.g., CC), the following are the accepted variants of it:

  • <var>_<target>, e.g., CC_aarch64-unknown-linux-gnu.
  • <var>_<target-with-underscores>, e.g., CC_aarch64_unknown_linux_gnu.
  • TARGET_<var>, e.g., TARGET_CC.
  • <var>, e.g., CC.

The following environment variables (and their variants) affect how this crate is built:

  • SELINUX_STATIC
  • SELINUX_PATH
  • SELINUX_INCLUDE_DIR
  • SELINUX_LIB_DIR
  • SYSROOT
  • CC
  • CFLAGS

§Dynamic or static linking

This crate links to libselinux dynamically if possible, except when targeting platforms based on the musl C library.

This behavior can be changed either by setting the environment variable SELINUX_STATIC to 1, or by enabling the crate feature static. If both are defined, then the value of SELINUX_STATIC takes precedence.

Setting SELINUX_STATIC to 0 mandates dynamic linking.

§Finding SELinux library and headers

By default, this crate finds SELinux headers and library based on the default target C compiler.

This behavior can be changed by:

  • Either defining the environment variable SELINUX_PATH to the path of a directory containing the sub-directories include and lib where the headers and library are installed.
  • Or by defining one or both of the environment variables SELINUX_INCLUDE_DIR and SELINUX_LIB_DIR to paths to the directories where headers and library are present. If SELINUX_PATH is also defined, then SELINUX_INCLUDE_DIR and SELINUX_LIB_DIR take precedence.

§Depending on this crate

This crate provides the following variables to other crates that depend on it:

  • DEP_SELINUX_INCLUDE: Path of the directory where library C header files reside.
  • DEP_SELINUX_LIB: Path of the directory where the library binary resides.

§Versioning

This project adheres to Semantic Versioning. The CHANGELOG.md file details notable changes over time.

Modules§

digest_result
selabel_cmp_result

Structs§

SELboolean
av_decision
avc_cache_stats
avc_entry
avc_entry_ref
avc_lock_callback
avc_log_callback
avc_memory_callback
avc_thread_callback
context_s_t
dir_xattr
security_class_mapping
security_id
selabel_handle
selinux_opt

Constants§

AVC_CACHE_STATS
AVC_CALLBACK_AUDITALLOW_DISABLE
AVC_CALLBACK_AUDITALLOW_ENABLE
AVC_CALLBACK_AUDITDENY_DISABLE
AVC_CALLBACK_AUDITDENY_ENABLE
AVC_CALLBACK_GRANT
AVC_CALLBACK_RESET
AVC_CALLBACK_REVOKE
AVC_CALLBACK_TRY_REVOKE
AVC_OPT_SETENFORCE
AVC_OPT_UNUSED
MATCHPATHCON_BASEONLY
MATCHPATHCON_NOTRANS
MATCHPATHCON_VALIDATE
SECSID_WILD
Unspecified SID.
SELABEL_CTX_ANDROID_PROP
SELABEL_CTX_ANDROID_SERVICE
SELABEL_CTX_DB
SELABEL_CTX_FILE
SELABEL_CTX_MEDIA
SELABEL_CTX_X
SELABEL_DB_BLOB
SELABEL_DB_COLUMN
SELABEL_DB_DATABASE
SELABEL_DB_DATATYPE
SELABEL_DB_EXCEPTION
SELABEL_DB_LANGUAGE
SELABEL_DB_PROCEDURE
SELABEL_DB_SCHEMA
SELABEL_DB_SEQUENCE
SELABEL_DB_TABLE
SELABEL_DB_TUPLE
SELABEL_DB_VIEW
SELABEL_NOPT
SELABEL_OPT_BASEONLY
SELABEL_OPT_DIGEST
SELABEL_OPT_PATH
SELABEL_OPT_SUBSET
SELABEL_OPT_UNUSED
SELABEL_OPT_VALIDATE
SELABEL_X_CLIENT
SELABEL_X_EVENT
SELABEL_X_EXT
SELABEL_X_POLYPROP
SELABEL_X_POLYSELN
SELABEL_X_PROP
SELABEL_X_SELN
SELINUX_AVC
SELINUX_AVD_FLAGS_PERMISSIVE
SELINUX_CB_AUDIT
SELINUX_CB_LOG
SELINUX_CB_POLICYLOAD
SELINUX_CB_SETENFORCE
SELINUX_CB_VALIDATE
SELINUX_DEFAULTUSER
SELINUX_ERROR
SELINUX_INFO
SELINUX_POLICYLOAD
SELINUX_RESTORECON_ABORT_ON_ERROR
SELINUX_RESTORECON_ADD_ASSOC
SELINUX_RESTORECON_CONFLICT_ERROR
SELINUX_RESTORECON_COUNT_ERRORS
SELINUX_RESTORECON_IGNORE_DIGEST
SELINUX_RESTORECON_IGNORE_MOUNTS
SELINUX_RESTORECON_IGNORE_NOENTRY
SELINUX_RESTORECON_LOG_MATCHES
SELINUX_RESTORECON_MASS_RELABEL
SELINUX_RESTORECON_NOCHANGE
SELINUX_RESTORECON_PROGRESS
SELINUX_RESTORECON_REALPATH
SELINUX_RESTORECON_RECURSE
SELINUX_RESTORECON_SET_SPECFILE_CTX
SELINUX_RESTORECON_SKIP_DIGEST
SELINUX_RESTORECON_SYSLOG_CHANGES
SELINUX_RESTORECON_VERBOSE
SELINUX_RESTORECON_XATTR_DELETE_ALL_DIGESTS
SELINUX_RESTORECON_XATTR_DELETE_NONMATCH_DIGESTS
SELINUX_RESTORECON_XATTR_IGNORE_MOUNTS
SELINUX_RESTORECON_XATTR_RECURSE
SELINUX_RESTORECON_XDEV
SELINUX_SETENFORCE
SELINUX_TRANS_DIR
SELINUX_WARNING

Functions§

avc_add_callback
avc_audit
avc_av_stats
avc_cache_stats
avc_cleanup
avc_compute_create
avc_compute_member
avc_context_to_sid
avc_context_to_sid_raw
avc_destroy
avc_entry_ref_init
Initialize an avc_entry_ref structure.
avc_get_initial_sid
avc_has_perm
avc_has_perm_noaudit
avc_netlink_acquire_fd
avc_netlink_check_nb
avc_netlink_close
avc_netlink_loop
avc_netlink_open
avc_netlink_release_fd
avc_open
avc_reset
avc_sid_stats
avc_sid_to_context
avc_sid_to_context_raw
context_free
context_new
context_range_get
context_range_set
context_role_get
context_role_set
context_str
context_type_get
context_type_set
context_user_get
context_user_set
fgetfilecon
fgetfilecon_raw
fini_selinuxmnt
freecon
freeconary
fsetfilecon
fsetfilecon_raw
get_default_context
get_default_context_with_level
get_default_context_with_role
get_default_context_with_rolelevel
get_default_type
get_ordered_context_list
get_ordered_context_list_with_level
getcon
getcon_raw
getexeccon
getexeccon_raw
getfilecon
getfilecon_raw
getfscreatecon
getfscreatecon_raw
getkeycreatecon
getkeycreatecon_raw
getpeercon
getpeercon_raw
getpidcon
getpidcon_raw
getprevcon
getprevcon_raw
getseuser
getseuserbyname
getsockcreatecon
getsockcreatecon_raw
is_context_customizable
is_selinux_enabled
is_selinux_mls_enabled
lgetfilecon
lgetfilecon_raw
lsetfilecon
lsetfilecon_raw
manual_user_enter_context
matchmediacon
matchpathcon_checkmatches
matchpathcon_filespec_add
matchpathcon_filespec_destroy
matchpathcon_filespec_eval
mode_to_security_class
print_access_vector
query_user_context
security_av_perm_to_string
security_av_string
security_canonicalize_context
security_canonicalize_context_raw
security_check_context
security_check_context_raw
security_class_to_string
security_commit_booleans
security_compute_av
security_compute_av_flags
security_compute_av_flags_raw
security_compute_av_raw
security_compute_create
security_compute_create_name
security_compute_create_name_raw
security_compute_create_raw
security_compute_member
security_compute_member_raw
security_compute_relabel
security_compute_relabel_raw
security_deny_unknown
security_disable
security_get_boolean_active
security_get_boolean_names
security_get_boolean_pending
security_get_checkreqprot
security_get_initial_context
security_get_initial_context_raw
security_getenforce
security_load_policy
security_policyvers
security_reject_unknown
security_set_boolean
security_set_boolean_list
security_setenforce
security_validatetrans
security_validatetrans_raw
selabel_close
selabel_cmp
selabel_digest
selabel_get_digests_all_partial_matches
selabel_hash_all_partial_matches
selabel_lookup
selabel_lookup_best_match
selabel_lookup_best_match_raw
selabel_lookup_raw
selabel_open
selabel_partial_match
selabel_stats
selinux_binary_policy_path
selinux_boolean_sub
selinux_booleans_subs_path
selinux_check_access
selinux_check_securetty_context
selinux_colors_path
selinux_contexts_path
selinux_current_policy_path
selinux_customizable_types_path
selinux_default_context_path
selinux_default_type_path
selinux_failsafe_context_path
selinux_file_context_cmp
selinux_file_context_homedir_path
selinux_file_context_local_path
selinux_file_context_path
selinux_file_context_subs_dist_path
selinux_file_context_subs_path
selinux_file_context_verify
selinux_flush_class_cache
selinux_get_callback
selinux_getenforcemode
selinux_getpolicytype
selinux_homedir_context_path
selinux_init_load_policy
selinux_lsetfilecon_default
selinux_lxc_contexts_path
selinux_media_context_path
selinux_mkload_policy
selinux_netfilter_context_path
selinux_openrc_contexts_path
selinux_openssh_contexts_path
selinux_path
selinux_policy_root
selinux_raw_context_to_color
selinux_raw_to_trans_context
selinux_removable_context_path
selinux_reset_config
selinux_restorecon
selinux_restorecon_default_handle
selinux_restorecon_get_skipped_errors
selinux_restorecon_parallel
selinux_restorecon_set_alt_rootpath
selinux_restorecon_set_exclude_list
selinux_restorecon_set_sehandle
selinux_restorecon_xattr
selinux_securetty_types_path
selinux_sepgsql_context_path
selinux_set_callback
selinux_set_mapping
selinux_set_policy_root
selinux_snapperd_contexts_path
selinux_status_close
selinux_status_deny_unknown
selinux_status_getenforce
selinux_status_open
selinux_status_policyload
selinux_status_updated
selinux_systemd_contexts_path
selinux_trans_to_raw_context
selinux_translations_path
selinux_user_contexts_path
selinux_usersconf_path
selinux_virtual_domain_context_path
selinux_virtual_image_context_path
selinux_x_context_path
set_matchpathcon_canoncon
set_matchpathcon_flags
set_matchpathcon_invalidcon
set_matchpathcon_printf
set_selinuxmnt
setcon
setcon_raw
setexeccon
setexeccon_raw
setfilecon
setfilecon_raw
setfscreatecon
setfscreatecon_raw
setkeycreatecon
setkeycreatecon_raw
setsockcreatecon
setsockcreatecon_raw
string_to_av_perm
string_to_security_class

Type Aliases§

__ino_t
__mode_t
__pid_t
access_vector_t
context_t
ino_t
mode_t
pid_t
security_class_t
security_id_t

Unions§

selinux_callback