Crate selinux_sys
selinux-sys: Unsafe Rust bindings for libselinux.
SELinux is a flexible Mandatory Access Control (MAC) system for Linux.
Linking options
This crate locates libselinux through pkg-config.
Environment variables that control the pkg-config crate also affect this crate.
Depending on this crate
This crate provides the following variables to other crates that depend on it:
DEP_SELINUX_INCLUDE: Path of the directory where the library's C header files reside.
DEP_SELINUX_LIB: Path of the directory where the library binary resides.
Versioning
This project adheres to Semantic Versioning.
The CHANGELOG.md file details notable changes over time.
Modules
digest_result | |
selabel_cmp_result |
Structs
Constants
Functions
avc_add_callback⚠ | avc_add_callback - Register a callback for security events. @callback: callback function @events: bitwise OR of desired security events @ssid: source security identifier or %SECSID_WILD @tsid: target security identifier or %SECSID_WILD @tclass: target security class @perms: permissions |
avc_audit⚠ | avc_audit - Audit the granting or denial of permissions. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @requested: requested permissions @avd: access vector decisions @result: result from avc_has_perm_noaudit @auditdata: auxiliary audit data |
avc_av_stats⚠ | avc_av_stats - log av table statistics. |
avc_cache_stats⚠ | avc_cache_stats - get cache access statistics. @stats: reference to statistics structure |
avc_cleanup⚠ | avc_cleanup - Remove unused SIDs and AVC entries. |
avc_compute_create⚠ | avc_compute_create - Compute SID for labeling a new object. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @newsid: pointer to SID reference |
avc_compute_member⚠ | avc_compute_member - Compute SID for polyinstantiation. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @newsid: pointer to SID reference |
avc_context_to_sid⚠ | avc_context_to_sid - get SID for context. @ctx: input security context @sid: pointer to SID reference |
avc_context_to_sid_raw⚠ | |
avc_destroy⚠ | avc_destroy - Free all AVC structures. |
avc_entry_ref_init⚠ | Initialize an AVC entry reference. |
avc_get_initial_sid⚠ | avc_get_initial_sid - get SID for an initial kernel security identifier @name: input name of initial kernel security identifier @sid: pointer to a SID reference |
avc_has_perm⚠ | avc_has_perm - Check permissions and perform any appropriate auditing. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @requested: requested permissions, interpreted based on @tclass @aeref: AVC entry reference @auditdata: auxiliary audit data |
avc_has_perm_noaudit⚠ | avc_has_perm_noaudit - Check permissions but perform no auditing. @ssid: source security identifier @tsid: target security identifier @tclass: target security class @requested: requested permissions, interpreted based on @tclass @aeref: AVC entry reference @avd: access vector decisions |
avc_netlink_acquire_fd⚠ | avc_netlink_acquire_fd - Acquire netlink socket fd. |
avc_netlink_check_nb⚠ | avc_netlink_check_nb - Check netlink socket for new messages. |
avc_netlink_close⚠ | avc_netlink_close - Close the netlink socket |
avc_netlink_loop⚠ | avc_netlink_loop - Wait for netlink messages from the kernel |
avc_netlink_open⚠ | avc_netlink_open - Create a netlink socket and connect to the kernel. |
avc_netlink_release_fd⚠ | avc_netlink_release_fd - Release netlink socket fd. |
avc_open⚠ | avc_open - Initialize the AVC. @opts: array of selabel_opt structures specifying AVC options or NULL. @nopts: number of elements in opts array or zero for no options. |
avc_reset⚠ | avc_reset - Flush the cache and reset statistics. |
avc_sid_stats⚠ | avc_sid_stats - log SID table statistics. |
avc_sid_to_context⚠ | avc_sid_to_context - get copy of context corresponding to SID. @sid: input SID @ctx: pointer to context reference |
avc_sid_to_context_raw⚠ | |
context_free⚠ | |
context_new⚠ | |
context_range_get⚠ | |
context_range_set⚠ | |
context_role_get⚠ | |
context_role_set⚠ | |
context_str⚠ | |
context_type_get⚠ | |
context_type_set⚠ | |
context_user_get⚠ | |
context_user_set⚠ | |
fgetfilecon⚠ | |
fgetfilecon_raw⚠ | |
fini_selinuxmnt⚠ | |
freecon⚠ | |
freeconary⚠ | |
fsetfilecon⚠ | |
fsetfilecon_raw⚠ | |
get_default_context⚠ | |
get_default_context_with_level⚠ | |
get_default_context_with_role⚠ | |
get_default_context_with_rolelevel⚠ | |
get_default_type⚠ | |
get_ordered_context_list⚠ | |
get_ordered_context_list_with_level⚠ | |
getcon⚠ | |
getcon_raw⚠ | |
getexeccon⚠ | |
getexeccon_raw⚠ | |
getfilecon⚠ | |
getfilecon_raw⚠ | |
getfscreatecon⚠ | |
getfscreatecon_raw⚠ | |
getkeycreatecon⚠ | |
getkeycreatecon_raw⚠ | |
getpeercon⚠ | |
getpeercon_raw⚠ | |
getpidcon⚠ | |
getpidcon_raw⚠ | |
getprevcon⚠ | |
getprevcon_raw⚠ | |
getseuserbyname⚠ | |
getsockcreatecon⚠ | |
getsockcreatecon_raw⚠ | |
is_context_customizable⚠ | |
is_selinux_enabled⚠ | |
is_selinux_mls_enabled⚠ | |
lgetfilecon⚠ | |
lgetfilecon_raw⚠ | |
lsetfilecon⚠ | |
lsetfilecon_raw⚠ | |
manual_user_enter_context⚠ | |
matchmediacon⚠ | |
matchpathcon_checkmatches⚠ | |
matchpathcon_filespec_add⚠ | |
matchpathcon_filespec_destroy⚠ | |
matchpathcon_filespec_eval⚠ | |
mode_to_security_class⚠ | |
print_access_vector⚠ | |
query_user_context⚠ | |
security_av_perm_to_string⚠ | |
security_av_string⚠ | |
security_canonicalize_context⚠ | |
security_canonicalize_context_raw⚠ | |
security_check_context⚠ | |
security_check_context_raw⚠ | |
security_class_to_string⚠ | |
security_commit_booleans⚠ | |
security_compute_av⚠ | |
security_compute_av_flags⚠ | |
security_compute_av_flags_raw⚠ | |
security_compute_av_raw⚠ | |
security_compute_create⚠ | |
security_compute_create_name⚠ | |
security_compute_create_name_raw⚠ | |
security_compute_create_raw⚠ | |
security_compute_member⚠ | |
security_compute_member_raw⚠ | |
security_compute_relabel⚠ | |
security_compute_relabel_raw⚠ | |
security_deny_unknown⚠ | |
security_disable⚠ | |
security_get_boolean_active⚠ | |
security_get_boolean_names⚠ | |
security_get_boolean_pending⚠ | |
security_get_checkreqprot⚠ | |
security_get_initial_context⚠ | |
security_get_initial_context_raw⚠ | |
security_getenforce⚠ | |
security_load_policy⚠ | |
security_policyvers⚠ | |
security_reject_unknown⚠ | |
security_set_boolean⚠ | |
security_set_boolean_list⚠ | |
security_setenforce⚠ | |
security_validatetrans⚠ | |
security_validatetrans_raw⚠ | |
selabel_close⚠ | selabel_close - Close a labeling handle. @handle: specifies handle to close |
selabel_cmp⚠ | selabel_cmp - Compare two label configurations. @h1: handle for the first label configuration @h2: handle for the second label configuration |
selabel_digest⚠ | selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to generate the digest. The SELABEL_OPT_DIGEST option must be set in selabel_open() to initiate the digest generation. @handle: specifies backend instance to query @digest: returns a pointer to the SHA1 digest. @digest_len: returns length of digest in bytes. @specfiles: a list of specfiles used in the SHA1 digest generation. The list is NULL terminated and will hold @num_specfiles entries. @num_specfiles: number of specfiles in the list. Because SHA1 is no longer collision-resistant, treat the digest as a way to detect changes to the specfiles, not as protection against deliberate tampering. |
selabel_get_digests_all_partial_matches⚠ | |
selabel_hash_all_partial_matches⚠ | |
selabel_lookup⚠ | selabel_lookup - Perform labeling lookup operation. @handle: specifies backend instance to query @con: returns the appropriate context with which to label the object @key: string input to lookup operation @type: numeric input to the lookup operation |
selabel_lookup_best_match⚠ | |
selabel_lookup_best_match_raw⚠ | |
selabel_lookup_raw⚠ | |
selabel_open⚠ | selabel_open - Create a labeling handle. @backend: one of the constants specifying a supported labeling backend. @opts: array of selabel_opt structures specifying label options or NULL. @nopts: number of elements in opts array or zero for no options. |
selabel_partial_match⚠ | |
selabel_stats⚠ | selabel_stats - log labeling operation statistics. @handle: specifies backend instance to query |
selinux_binary_policy_path⚠ | |
selinux_boolean_sub⚠ | |
selinux_booleans_subs_path⚠ | |
selinux_check_access⚠ | selinux_check_access - Check permissions and perform appropriate auditing. @scon: source security context @tcon: target security context @tclass: target security class string @perm: requested permissions string, interpreted based on @tclass @auditdata: auxiliary audit data |
selinux_check_securetty_context⚠ | |
selinux_colors_path⚠ | |
selinux_contexts_path⚠ | |
selinux_current_policy_path⚠ | |
selinux_customizable_types_path⚠ | |
selinux_default_context_path⚠ | |
selinux_default_type_path⚠ | |
selinux_failsafe_context_path⚠ | |
selinux_file_context_cmp⚠ | |
selinux_file_context_homedir_path⚠ | |
selinux_file_context_local_path⚠ | |
selinux_file_context_path⚠ | |
selinux_file_context_subs_dist_path⚠ | |
selinux_file_context_subs_path⚠ | |
selinux_file_context_verify⚠ | |
selinux_get_callback⚠ | |
selinux_getenforcemode⚠ | |
selinux_getpolicytype⚠ | |
selinux_homedir_context_path⚠ | |
selinux_init_load_policy⚠ | |
selinux_lsetfilecon_default⚠ | |
selinux_lxc_contexts_path⚠ | |
selinux_media_context_path⚠ | |
selinux_mkload_policy⚠ | |
selinux_netfilter_context_path⚠ | |
selinux_openrc_contexts_path⚠ | |
selinux_openssh_contexts_path⚠ | |
selinux_path⚠ | |
selinux_policy_root⚠ | |
selinux_raw_context_to_color⚠ | |
selinux_raw_to_trans_context⚠ | |
selinux_removable_context_path⚠ | |
selinux_reset_config⚠ | |
selinux_restorecon⚠ | selinux_restorecon - Relabel files. @pathname: specifies file/directory to relabel. @restorecon_flags: specifies the actions to be performed when relabeling. |
selinux_restorecon_default_handle⚠ | selinux_restorecon_default_handle - Sets default selabel_open(3) parameters to use the currently loaded policy and file_contexts. |
selinux_restorecon_set_alt_rootpath⚠ | selinux_restorecon_set_alt_rootpath - Use alternate rootpath. @alt_rootpath: containing the alternate rootpath to be used. |
selinux_restorecon_set_exclude_list⚠ | selinux_restorecon_set_exclude_list - Add a list of directories that are to be excluded from relabeling. @exclude_list: containing a NULL terminated list of one or more directories not to be relabeled. |
selinux_restorecon_set_sehandle⚠ | selinux_restorecon_set_sehandle - Set the global fc handle. @hndl: specifies handle to set as the global fc handle. |
selinux_restorecon_xattr⚠ | |
selinux_securetty_types_path⚠ | |
selinux_sepgsql_context_path⚠ | |
selinux_set_callback⚠ | |
selinux_set_mapping⚠ | selinux_set_mapping - Enable dynamic mapping between integer offsets and security class names @map: array of security_class_mapping structures |
selinux_set_policy_root⚠ | |
selinux_snapperd_contexts_path⚠ | |
selinux_status_close⚠ | selinux_status_close - Unmap and close SELinux kernel status page |
selinux_status_deny_unknown⚠ | selinux_status_deny_unknown - Get the behavior for undefined classes/permissions |
selinux_status_getenforce⚠ | selinux_status_getenforce - Get the enforce flag value |
selinux_status_open⚠ | selinux_status_open - Open and map SELinux kernel status page |
selinux_status_policyload⚠ | selinux_status_policyload - Get the number of times the policy has been reloaded |
selinux_status_updated⚠ | selinux_status_updated - Inform us whether the kernel status has been updated |
selinux_systemd_contexts_path⚠ | |
selinux_trans_to_raw_context⚠ | |
selinux_translations_path⚠ | |
selinux_user_contexts_path⚠ | |
selinux_usersconf_path⚠ | |
selinux_virtual_domain_context_path⚠ | |
selinux_virtual_image_context_path⚠ | |
selinux_x_context_path⚠ | |
set_matchpathcon_canoncon⚠ | |
set_matchpathcon_flags⚠ | |
set_matchpathcon_invalidcon⚠ | |
set_matchpathcon_printf⚠ | |
set_selinuxmnt⚠ | |
setcon⚠ | |
setcon_raw⚠ | |
setexeccon⚠ | |
setexeccon_raw⚠ | |
setfilecon⚠ | |
setfilecon_raw⚠ | |
setfscreatecon⚠ | |
setfscreatecon_raw⚠ | |
setkeycreatecon⚠ | |
setkeycreatecon_raw⚠ | |
setsockcreatecon⚠ | |
setsockcreatecon_raw⚠ | |
string_to_av_perm⚠ | |
string_to_security_class⚠ |
Type Definitions
__ino_t | |
__mode_t | |
__pid_t | |
__uint8_t | |
__uint32_t | |
access_vector_t | |
context_t | |
ino_t | |
mode_t | |
pid_t | |
security_class_t | |
security_id_t |
Unions
selinux_callback |