🛡️ Safe Rust bindings for libselinux
SELinux is a flexible Mandatory Access Control for Linux.
This crate supports libselinux from version 2.8 to 3.2.
Later versions might still be compatible.
This crate exposes neither deprecated nor undocumented SELinux API functions
and types.
⚠️ This crate is Linux-specific. Building it for non-Linux platforms, or for the Linux kernel, results in an empty crate.
This documentation is too brief to cover SELinux.
Please refer to the official SELinux documentation, the manual pages of the libselinux native library, and the selinux-sys crate for a more complete picture of how to use this crate.
If you cannot find a feature you are looking for by its name, but you know which libselinux APIs relate to it, then try searching the documentation by that API name.
⚓ Backward compatibility
This crate requires libselinux version 2.8, at least.
However, this crate provides some functions that are based on libselinux functions implemented in later versions.
When such newer functions are needed, this crate attempts to load them dynamically at runtime.
If such functions are implemented by libselinux, then the called crate functions run as expected.
If the needed functions are not implemented by libselinux, then an error is returned indicating that the called crate function is unsupported.
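The fallback described above, sketched as an added example (not code from this crate, and not necessarily how the crate implements it): a symbol is looked up at runtime with dlsym, and an "unsupported" error is returned when no loaded library exports it. The LookupError type, the function names and the missing symbol name are constructed here, getpid stands in for an optional libselinux function so the example runs without libselinux installed, and Linux with glibc is assumed.

```rust
use std::ffi::{c_char, c_int, c_void, CString};
use std::{mem, ptr};

// Declared by hand so the example needs no external crates (Linux/glibc assumed).
extern "C" {
    fn dlsym(handle: *mut c_void, symbol: *const c_char) -> *mut c_void;
}

/// Error type constructed for this example; it is not the crate's error type.
#[derive(Debug, PartialEq)]
pub enum LookupError {
    InvalidName,
    Unsupported(String),
}

/// Look `name` up in the libraries already loaded into this process.
/// A null handle is RTLD_DEFAULT on glibc.
pub fn find_symbol(name: &str) -> Result<*mut c_void, LookupError> {
    let c_name = CString::new(name).map_err(|_| LookupError::InvalidName)?;
    // SAFETY: `c_name` is a valid NUL-terminated string that outlives the call.
    let addr = unsafe { dlsym(ptr::null_mut(), c_name.as_ptr()) };
    if addr.is_null() {
        Err(LookupError::Unsupported(name.to_owned()))
    } else {
        Ok(addr)
    }
}

/// Wrapper in the style the text describes: call the native function when it
/// exists, otherwise surface "unsupported" to the caller.
pub fn pid_via_runtime_lookup() -> Result<c_int, LookupError> {
    let addr = find_symbol("getpid")?;
    // SAFETY: getpid has the C signature `pid_t getpid(void)`; pid_t is int on Linux.
    let getpid: unsafe extern "C" fn() -> c_int = unsafe { mem::transmute(addr) };
    Ok(unsafe { getpid() })
}

fn main() {
    println!("getpid via dlsym: {:?}", pid_via_runtime_lookup());
    // Constructed name that no library exports.
    println!("missing: {:?}", find_symbol("libselinux_example_missing_fn"));
}
```

Callers of such a wrapper should treat the unsupported error as a capability check result and pick a fallback, rather than assuming a failure of the SELinux operation itself.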
Versioning
This project adheres to Semantic Versioning.
The CHANGELOG.md file details notable changes over time.
Modules
Access Vector Cache.
SELinux callbacks.
Restore file(s) default SELinux security contexts.
Errors.
Labeling files.
SELinux paths.
SELinux policies.
Utilities.
Structs
File access mode.
Background and foreground colors.
Opaque security context.
Red, green and blue components of a color.
SELinux security class.
SELinux security context.
Colors of a security context.
List of security contexts.
Enums
Support of SELinux in the running kernel.
Protection checked by SELinux on mmap() and mprotect() calls.
SELinux enforcing mode.
SELinux handling of undefined object classes and permissions.
Functions
Determine how the system was set up to run SELinux.
Determine the current SELinux enforcing mode.
Get the default type (domain) for role, and set type to refer to it.
Flush the SELinux class cache, e.g., upon a policy reload.
Determine the support of SELinux in the running kernel.
Determine the protection currently checked by SELinux on mmap() and mprotect() calls.
Force a reset of the loaded configuration.
Get the SELinux user name and level for a given Linux user name.
Set the current SELinux enforcing mode.
Establishes a mapping from a user-provided ordering of object classes and permissions to the numbers actually used by the loaded system policy.
Return the current SELinux handling of undefined object classes and permissions.