We use cookies to ensure you get the best experience on our website
Inicio Explorar Axuda
Rexistro Iniciar sesión
0ct0pu5
/
moby
1
0
Fork 0
Ficheiros Incidencias 0 Pull Requests 0 Wiki
Árbore: a8216806ce
Ramas Etiquetas
moby
/
vendor
/
github.com
/
opencontainers
/
selinux
/
go-selinux
/
selinux_stub.go

selinux_stub.go 6.5 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254 
  1. // +build !selinux !linux
    2. 

  2. 

  3. package selinux
    4. 

  4. 

  5. import (
    6. 

  6. 	"errors"
    7. 

  7. )
    8. 

  8. 

  9. const (
    10. 

  10. 	// Enforcing constant indicate SELinux is in enforcing mode
    11. 

  11. 	Enforcing = 1
    12. 

  12. 	// Permissive constant to indicate SELinux is in permissive mode
    13. 

  13. 	Permissive = 0
    14. 

  14. 	// Disabled constant to indicate SELinux is disabled
    15. 

  15. 	Disabled = -1
    16. 

  16. )
    17. 

  17. 

  18. var (
    19. 

  19. 	// ErrMCSAlreadyExists is returned when trying to allocate a duplicate MCS.
    20. 

  20. 	ErrMCSAlreadyExists = errors.New("MCS label already exists")
    21. 

  21. 	// ErrEmptyPath is returned when an empty path has been specified.
    22. 

  22. 	ErrEmptyPath = errors.New("empty path")
    23. 

  23. )
    24. 

  24. 

  25. // Context is a representation of the SELinux label broken into 4 parts
    26. 

  26. type Context map[string]string
    27. 

  27. 

  28. // SetDisabled disables selinux support for the package
    29. 

  29. func SetDisabled() {
    30. 

  30. 	return
    31. 

  31. }
    32. 

  32. 

  33. // GetEnabled returns whether selinux is currently enabled.
    34. 

  34. func GetEnabled() bool {
    35. 

  35. 	return false
    36. 

  36. }
    37. 

  37. 

  38. // ClassIndex returns the int index for an object class in the loaded policy, or -1 and an error
    39. 

  39. func ClassIndex(class string) (int, error) {
    40. 

  40. 	return -1, nil
    41. 

  41. }
    42. 

  42. 

  43. // SetFileLabel sets the SELinux label for this path or returns an error.
    44. 

  44. func SetFileLabel(fpath string, label string) error {
    45. 

  45. 	return nil
    46. 

  46. }
    47. 

  47. 

  48. // FileLabel returns the SELinux label for this path or returns an error.
    49. 

  49. func FileLabel(fpath string) (string, error) {
    50. 

  50. 	return "", nil
    51. 

  51. }
    52. 

  52. 

  53. /*
    54. 

  54. SetFSCreateLabel tells kernel the label to create all file system objects
    55. 

  55. created by this task. Setting label="" to return to default.
    56. 

  56. */
    57. 

  57. func SetFSCreateLabel(label string) error {
    58. 

  58. 	return nil
    59. 

  59. }
    60. 

  60. 

  61. /*
    62. 

  62. FSCreateLabel returns the default label the kernel which the kernel is using
    63. 

  63. for file system objects created by this task. "" indicates default.
    64. 

  64. */
    65. 

  65. func FSCreateLabel() (string, error) {
    66. 

  66. 	return "", nil
    67. 

  67. }
    68. 

  68. 

  69. // CurrentLabel returns the SELinux label of the current process thread, or an error.
    70. 

  70. func CurrentLabel() (string, error) {
    71. 

  71. 	return "", nil
    72. 

  72. }
    73. 

  73. 

  74. // PidLabel returns the SELinux label of the given pid, or an error.
    75. 

  75. func PidLabel(pid int) (string, error) {
    76. 

  76. 	return "", nil
    77. 

  77. }
    78. 

  78. 

  79. /*
    80. 

  80. ExecLabel returns the SELinux label that the kernel will use for any programs
    81. 

  81. that are executed by the current process thread, or an error.
    82. 

  82. */
    83. 

  83. func ExecLabel() (string, error) {
    84. 

  84. 	return "", nil
    85. 

  85. }
    86. 

  86. 

  87. /*
    88. 

  88. CanonicalizeContext takes a context string and writes it to the kernel
    89. 

  89. the function then returns the context that the kernel will use.  This function
    90. 

  90. can be used to see if two contexts are equivalent
    91. 

  91. */
    92. 

  92. func CanonicalizeContext(val string) (string, error) {
    93. 

  93. 	return "", nil
    94. 

  94. }
    95. 

  95. 

  96. /*
    97. 

  97. ComputeCreateContext requests the type transition from source to target for class  from the kernel.
    98. 

  98. */
    99. 

  99. func ComputeCreateContext(source string, target string, class string) (string, error) {
    100. 

  100. 	return "", nil
    101. 

  101. }
    102. 

  102. 

  103. /*
    104. 

  104. SetExecLabel sets the SELinux label that the kernel will use for any programs
    105. 

  105. that are executed by the current process thread, or an error.
    106. 

  106. */
    107. 

  107. func SetExecLabel(label string) error {
    108. 

  108. 	return nil
    109. 

  109. }
    110. 

  110. 

  111. /*
    112. 

  112. SetTaskLabel sets the SELinux label for the current thread, or an error.
    113. 

  113. This requires the dyntransition permission.
    114. 

  114. */
    115. 

  115. func SetTaskLabel(label string) error {
    116. 

  116. 	return nil
    117. 

  117. }
    118. 

  118. 

  119. /*
    120. 

  120. SetSocketLabel sets the SELinux label that the kernel will use for any programs
    121. 

  121. that are executed by the current process thread, or an error.
    122. 

  122. */
    123. 

  123. func SetSocketLabel(label string) error {
    124. 

  124. 	return nil
    125. 

  125. }
    126. 

  126. 

  127. // SocketLabel retrieves the current socket label setting
    128. 

  128. func SocketLabel() (string, error) {
    129. 

  129. 	return "", nil
    130. 

  130. }
    131. 

  131. 

  132. // PeerLabel retrieves the label of the client on the other side of a socket
    133. 

  133. func PeerLabel(fd uintptr) (string, error) {
    134. 

  134. 	return "", nil
    135. 

  135. }
    136. 

  136. 

  137. // SetKeyLabel takes a process label and tells the kernel to assign the
    138. 

  138. // label to the next kernel keyring that gets created
    139. 

  139. func SetKeyLabel(label string) error {
    140. 

  140. 	return nil
    141. 

  141. }
    142. 

  142. 

  143. // KeyLabel retrieves the current kernel keyring label setting
    144. 

  144. func KeyLabel() (string, error) {
    145. 

  145. 	return "", nil
    146. 

  146. }
    147. 

  147. 

  148. // Get returns the Context as a string
    149. 

  149. func (c Context) Get() string {
    150. 

  150. 	return ""
    151. 

  151. }
    152. 

  152. 

  153. // NewContext creates a new Context struct from the specified label
    154. 

  154. func NewContext(label string) (Context, error) {
    155. 

  155. 	c := make(Context)
    156. 

  156. 	return c, nil
    157. 

  157. }
    158. 

  158. 

  159. // ClearLabels clears all reserved MLS/MCS levels
    160. 

  160. func ClearLabels() {
    161. 

  161. 	return
    162. 

  162. }
    163. 

  163. 

  164. // ReserveLabel reserves the MLS/MCS level component of the specified label
    165. 

  165. func ReserveLabel(label string) {
    166. 

  166. 	return
    167. 

  167. }
    168. 

  168. 

  169. // EnforceMode returns the current SELinux mode Enforcing, Permissive, Disabled
    170. 

  170. func EnforceMode() int {
    171. 

  171. 	return Disabled
    172. 

  172. }
    173. 

  173. 

  174. /*
    175. 

  175. SetEnforceMode sets the current SELinux mode Enforcing, Permissive.
    176. 

  176. Disabled is not valid, since this needs to be set at boot time.
    177. 

  177. */
    178. 

  178. func SetEnforceMode(mode int) error {
    179. 

  179. 	return nil
    180. 

  180. }
    181. 

  181. 

  182. /*
    183. 

  183. DefaultEnforceMode returns the systems default SELinux mode Enforcing,
    184. 

  184. Permissive or Disabled. Note this is is just the default at boot time.
    185. 

  185. EnforceMode tells you the systems current mode.
    186. 

  186. */
    187. 

  187. func DefaultEnforceMode() int {
    188. 

  188. 	return Disabled
    189. 

  189. }
    190. 

  190. 

  191. /*
    192. 

  192. ReleaseLabel will unreserve the MLS/MCS Level field of the specified label.
    193. 

  193. Allowing it to be used by another process.
    194. 

  194. */
    195. 

  195. func ReleaseLabel(label string) {
    196. 

  196. 	return
    197. 

  197. }
    198. 

  198. 

  199. // ROFileLabel returns the specified SELinux readonly file label
    200. 

  200. func ROFileLabel() string {
    201. 

  201. 	return ""
    202. 

  202. }
    203. 

  203. 

  204. // KVMContainerLabels returns the default processLabel and mountLabel to be used
    205. 

  205. // for kvm containers by the calling process.
    206. 

  206. func KVMContainerLabels() (string, string) {
    207. 

  207. 	return "", ""
    208. 

  208. }
    209. 

  209. 

  210. // InitContainerLabels returns the default processLabel and file labels to be
    211. 

  211. // used for containers running an init system like systemd by the calling
    212. 

  212. func InitContainerLabels() (string, string) {
    213. 

  213. 	return "", ""
    214. 

  214. }
    215. 

  215. 

  216. /*
    217. 

  217. ContainerLabels returns an allocated processLabel and fileLabel to be used for
    218. 

  218. container labeling by the calling process.
    219. 

  219. */
    220. 

  220. func ContainerLabels() (processLabel string, fileLabel string) {
    221. 

  221. 	return "", ""
    222. 

  222. }
    223. 

  223. 

  224. // SecurityCheckContext validates that the SELinux label is understood by the kernel
    225. 

  225. func SecurityCheckContext(val string) error {
    226. 

  226. 	return nil
    227. 

  227. }
    228. 

  228. 

  229. /*
    230. 

  230. CopyLevel returns a label with the MLS/MCS level from src label replaced on
    231. 

  231. the dest label.
    232. 

  232. */
    233. 

  233. func CopyLevel(src, dest string) (string, error) {
    234. 

  234. 	return "", nil
    235. 

  235. }
    236. 

  236. 

  237. // Chcon changes the `fpath` file object to the SELinux label `label`.
    238. 

  238. // If `fpath` is a directory and `recurse`` is true, Chcon will walk the
    239. 

  239. // directory tree setting the label.
    240. 

  240. func Chcon(fpath string, label string, recurse bool) error {
    241. 

  241. 	return nil
    242. 

  242. }
    243. 

  243. 

  244. // DupSecOpt takes an SELinux process label and returns security options that
    245. 

  245. // can be used to set the SELinux Type and Level for future container processes.
    246. 

  246. func DupSecOpt(src string) ([]string, error) {
    247. 

  247. 	return nil, nil
    248. 

  248. }
    249. 

  249. 

  250. // DisableSecOpt returns a security opt that can be used to disable SELinux
    251. 

  251. // labeling support for future container processes.
    252. 

  252. func DisableSecOpt() []string {
    253. 

  253. 	return []string{"disable"}
    254. 

  254. }
    255.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5