package
1.11.1
Repository: https://github.com/opencontainers/selinux.git
Documentation: pkg.go.dev

# Packages

No description provided by the author

# Functions

CalculateGlbLub computes the glb (greatest lower bound) and lub (least upper bound) of a source and target range.
CanonicalizeContext takes a context string and writes it to the kernel; the function then returns the context that the kernel will use.
Chcon changes the fpath file object to the SELinux label.
ClassIndex returns the int index for an object class in the loaded policy, or -1 and an error.
ClearLabels clears all reserved labels.
ComputeCreateContext requests the type transition from source to target for class from the kernel.
ContainerLabels returns an allocated processLabel and fileLabel to be used for container labeling by the calling process.
CopyLevel returns a label with the MLS/MCS level from src label replaced on the dest label.
CurrentLabel returns the SELinux label of the current process thread, or an error.
DefaultEnforceMode returns the system's default SELinux mode: Enforcing, Permissive or Disabled.
DisableSecOpt returns a security opt that can be used to disable SELinux labeling support for future container processes.
DupSecOpt takes an SELinux process label and returns security options that can be used to set the SELinux Type and Level for future container processes.
EnforceMode returns the current SELinux mode: Enforcing, Permissive or Disabled.
ExecLabel returns the SELinux label that the kernel will use for any programs that are executed by the current process thread, or an error.
FileLabel returns the SELinux label for this path, following symlinks, or returns an error.
FSCreateLabel returns the default label which the kernel is using for file system objects created by this task.
GetDefaultContextWithLevel gets a single context for the specified SELinux user identity that is reachable from the specified scon context.
GetEnabled returns whether SELinux is currently enabled.
InitContainerLabels returns the default processLabel and file labels to be used for containers running an init system like systemd by the calling process.
KeyLabel retrieves the current kernel keyring label setting.
KVMContainerLabels returns the default processLabel and mountLabel to be used for kvm containers by the calling process.
LfileLabel returns the SELinux label for this path, not following symlinks, or returns an error.
LsetFileLabel sets the SELinux label for this path, not following symlinks, or returns an error.
MLSEnabled checks if MLS is enabled.
NewContext creates a new Context struct from the specified label.
PeerLabel retrieves the label of the client on the other side of a socket.
PidLabel returns the SELinux label of the given pid, or an error.
PrivContainerMountLabel returns the mount label for privileged containers.
ReleaseLabel un-reserves the MLS/MCS Level field of the specified label, allowing it to be used by another process.
ReserveLabel reserves the MLS/MCS level component of the specified label.
ROFileLabel returns the specified SELinux readonly file label.
SecurityCheckContext validates that the SELinux label is understood by the kernel.
SetDisabled disables SELinux support for the package.
SetEnforceMode sets the current SELinux mode: Enforcing or Permissive.
SetExecLabel sets the SELinux label that the kernel will use for any programs that are executed by the current process thread, or returns an error.
SetFileLabel sets the SELinux label for this path, following symlinks, or returns an error.
SetFSCreateLabel tells the kernel what label to use for all file system objects created by this task.
SetKeyLabel takes a process label and tells the kernel to assign the label to the next kernel keyring that gets created.
SetSocketLabel takes a process label and tells the kernel to assign the label to the next socket that gets created.
SetTaskLabel sets the SELinux label for the current thread, or returns an error.
SocketLabel retrieves the current socket label setting.

# Constants

DefaultCategoryRange is the upper bound on the category range.
Disabled constant to indicate SELinux is disabled.
Enforcing constant to indicate SELinux is in enforcing mode.
Permissive constant to indicate SELinux is in permissive mode.

# Variables

CategoryRange allows the upper bound on the category range to be adjusted.
ErrContextMissing is returned if a requested context is not found in a file.
ErrEmptyPath is returned when an empty path has been specified.
ErrIncomparable is returned when two levels are not comparable.
ErrInvalidLabel is returned when an invalid label is specified.
ErrLevelSyntax is returned when a sensitivity or category does not have correct syntax in a level.
ErrMCSAlreadyExists is returned when trying to allocate a duplicate MCS.
ErrVerifierNil is returned when a context verifier function is nil.
InvalidLabel is returned when an invalid label is specified.

# Type aliases

Context is a representation of the SELinux label broken into 4 parts.