label

package
v1.12.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 20, 2025 License: Apache-2.0 Imports: 4 Imported by: 1,651

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrIncompatibleLabel = errors.New("Bad SELinux option z and Z can not be used together")

Functions

func FormatMountLabel 

func FormatMountLabel(src, mountLabel string) string

FormatMountLabel returns a string to be used by the mount command. Using the SELinux `context` mount option. Changing labels of files on mount points with this option can never be changed. FormatMountLabel returns a string to be used by the mount command. The format of this string will be used to alter the labeling of the mountpoint. The string returned is suitable to be used as the options field of the mount command. If you need to have additional mount point options, you can pass them in as the first parameter. Second parameter is the label that you wish to apply to all content in the mount point.

func FormatMountLabelByType added in v1.11.0 

func FormatMountLabelByType(src, mountLabel, contextType string) string

FormatMountLabelByType returns a string to be used by the mount command. Allow caller to specify the mount options. For example using the SELinux `fscontext` mount option would allow certain container processes to change labels of files created on the mount points, where as `context` option does not. FormatMountLabelByType returns a string to be used by the mount command. The format of this string will be used to alter the labeling of the mountpoint. The string returned is suitable to be used as the options field of the mount command. If you need to have additional mount point options, you can pass them in as the first parameter. Second parameter is the label that you wish to apply to all content in the mount point.

func Init 

func Init()

Init initialises the labeling system

func InitLabels 

func InitLabels(options []string) (plabel string, mlabel string, retErr error)

InitLabels returns the process label and file labels to be used within the container. A list of options can be passed into this function to alter the labels. The labels returned will include a random MCS String, that is guaranteed to be unique. If the disabled flag is passed in, the process label will not be set, but the mount label will be set to the container_file label with the maximum category. This label is not usable by any confined label.

func IsShared 

func IsShared(label string) bool

IsShared checks that the label includes a "shared" mark

func Relabel 

func Relabel(path string, fileLabel string, shared bool) error

Relabel changes the label of path and all the entries beneath the path. It changes the MCS label to s0 if shared is true. This will allow all containers to share the content.

The path itself is guaranteed to be relabeled last.

func RelabelNeeded 

func RelabelNeeded(label string) bool

RelabelNeeded checks whether the user requested a relabel

func SetFileCreateLabel 

func SetFileCreateLabel(fileLabel string) error

SetFileCreateLabel tells the kernel the label for all files to be created

func SetFileLabel 

func SetFileLabel(path string, fileLabel string) error

SetFileLabel modifies the "path" label to the specified file label

func Validate 

func Validate(label string) error

Validate checks that the label does not include unexpected options

Types

This section is empty.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.