| OSTree API references | ||||
|---|---|---|---|---|
SELinux policy management — Read SELinux policy and manage filesystem labels
typedef OstreeSePolicy; OstreeSePolicy * ostree_sepolicy_new (GFile *path,GCancellable *cancellable,GError **error); OstreeSePolicy * ostree_sepolicy_new_at (int rootfs_dfd,GCancellable *cancellable,GError **error); GFile * ostree_sepolicy_get_path (OstreeSePolicy *self); const char * ostree_sepolicy_get_name (OstreeSePolicy *self); gboolean ostree_sepolicy_get_label (OstreeSePolicy *self,const char *relpath,guint32 unix_mode,char **out_label,GCancellable *cancellable,GError **error); const char * ostree_sepolicy_get_csum (OstreeSePolicy *self); enum OstreeSePolicyRestoreconFlags; gboolean ostree_sepolicy_restorecon (OstreeSePolicy *self,const char *path,GFileInfo *info,GFile *target,OstreeSePolicyRestoreconFlags flags,char **out_new_label,GCancellable *cancellable,GError **error); gboolean ostree_sepolicy_setfscreatecon (OstreeSePolicy *self,const char *path,guint32 mode,GError **error); void ostree_sepolicy_fscreatecon_cleanup (void **unused);
An OstreeSePolicy object can load the SELinux policy from a given root and perform labeling.
OstreeSePolicy * ostree_sepolicy_new (GFile *path,GCancellable *cancellable,GError **error);
path : Path to a root directory
cancellable : Cancellable
error : Error
Returns : An accessor object for SELinux policy in root located at path. [transfer full]
OstreeSePolicy * ostree_sepolicy_new_at (int rootfs_dfd,GCancellable *cancellable,GError **error);
rootfs_dfd : Directory fd for rootfs (will not be cloned)
cancellable : Cancellable
error : Error
Returns : An accessor object for SELinux policy in root located at rootfs_dfd. [transfer full]
GFile * ostree_sepolicy_get_path (OstreeSePolicy *self);
Returns : Path to rootfs. [transfer none]
const char * ostree_sepolicy_get_name (OstreeSePolicy *self);
Returns : Type of current policy. [transfer none]
gboolean ostree_sepolicy_get_label (OstreeSePolicy *self,const char *relpath,guint32 unix_mode,char **out_label,GCancellable *cancellable,GError **error);
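Store in out_label the security context for the given relpath and
mode unix_mode. If the policy does not specify a label, out_label
is set to NULL. The function's own return value is a gboolean, so
callers should check out_label for NULL explicitly rather than
assume every path received a label.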
self : Self
relpath : Path
unix_mode : Unix mode
out_label : Return location for security context. [allow-none][out][transfer full]
cancellable : Cancellable
error : Error
const char * ostree_sepolicy_get_csum (OstreeSePolicy *self);
Returns : Checksum of current policy. [transfer none]
/*
 * Flags accepted by ostree_sepolicy_restorecon() to control its behavior.
 * The non-zero values are distinct single bits, so they can be OR-ed together.
 */
typedef enum {
  /* No flag bits set. */
  OSTREE_SEPOLICY_RESTORECON_FLAGS_NONE = 0,
  /* NOTE(review): presumably tolerates a path for which the policy has no
   * label instead of reporting an error; confirm against the implementation. */
  OSTREE_SEPOLICY_RESTORECON_FLAGS_ALLOW_NOLABEL = 0x1,
  /* NOTE(review): presumably leaves a label already present on the target
   * untouched; confirm against the implementation. */
  OSTREE_SEPOLICY_RESTORECON_FLAGS_KEEP_EXISTING = 0x2
} OstreeSePolicyRestoreconFlags;
gboolean ostree_sepolicy_restorecon (OstreeSePolicy *self,const char *path,GFileInfo *info,GFile *target,OstreeSePolicyRestoreconFlags flags,char **out_new_label,GCancellable *cancellable,GError **error);
Reset the security context of target based on the SELinux policy.
self : Self
path : Path string to use for policy lookup
info : File attributes. [allow-none]
target : Physical path to target file
flags : Flags controlling behavior
out_new_label : New label, or NULL if unchanged. [allow-none][out]
cancellable : Cancellable
error : Error
gboolean ostree_sepolicy_setfscreatecon (OstreeSePolicy *self,const char *path,guint32 mode,GError **error);
self : Policy
path : Use this path to determine a label
mode : Used along with path
error : Error
void ostree_sepolicy_fscreatecon_cleanup (void **unused);
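Cleanup function for ostree_sepolicy_setfscreatecon(). It resets the file-creation context, so files created afterwards no longer receive the label selected by that call.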
unused : Not used, just in case you didn't infer that from the parameter name