OSTree.SePolicy¶

Subclasses:: None

Methods¶

Inherited:: GObject.Object (37), Gio.Initable (2)
Structs:: GObject.ObjectClass (5)

class	`fscreatecon_cleanup` (unused)
class	`new` (path, cancellable)
class	`new_at` (rootfs_dfd, cancellable)
class	`new_from_commit` (repo, rev, cancellable)
	`get_csum` ()
	`get_label` (relpath, unix_mode, cancellable)
	`get_name` ()
	`get_path` ()
	`host_enabled` ()
	`restorecon` (path, info, target, flags, cancellable)
	`setfscreatecon` (path, mode)

Virtual Methods¶

Inherited:: GObject.Object (7), Gio.Initable (1)

Properties¶

Name	Type	Flags	Short Description
`path`	`Gio.File`	r/w/co
`rootfs-dfd`	`int`	r/w/co

Signals¶

Inherited:: GObject.Object (1)

Fields¶

Inherited:: GObject.Object (1)

Class Details¶

class OSTree.SePolicy(**kwargs)¶

Bases:: GObject.Object, Gio.Initable
Abstract:: No

classmethod fscreatecon_cleanup(unused)¶

Parameters:: unused (object or None) – Not used, just in case you didn’t infer that from the parameter name

Cleanup function for OSTree.SePolicy.setfscreatecon().

classmethod new(path, cancellable)¶

Parameters:

path (Gio.File) – Path to a root directory
cancellable (Gio.Cancellable or None) – Cancellable

Raises:

GLib.Error

Returns:

An accessor object for SELinux policy in root located at path

Return type:

OSTree.SePolicy

classmethod new_at(rootfs_dfd, cancellable)¶

Parameters:

rootfs_dfd (int) – Directory fd for rootfs (will not be cloned)
cancellable (Gio.Cancellable or None) – Cancellable

Raises:

GLib.Error

Returns:

An accessor object for SELinux policy in root located at rootfs_dfd

Return type:

OSTree.SePolicy

New in version 2017.4.

classmethod new_from_commit(repo, rev, cancellable)¶

Parameters:

repo (OSTree.Repo) – The repo
rev (str) – ostree ref or checksum
cancellable (Gio.Cancellable or None) – Cancellable

Raises:

GLib.Error

Returns:

A new policy

Return type:

OSTree.SePolicy

Extract the SELinux policy from a commit object via a partial checkout. This is useful for labeling derived content as separate commits.

This function is the backend of ostree_repo_commit_modifier_set_sepolicy_from_commit().

get_csum()¶

Returns:: Checksum of current policy
Return type:: str or None

New in version 2016.5.

get_label(relpath, unix_mode, cancellable)¶

Parameters:

relpath (str) – Path
unix_mode (int) – Unix mode
cancellable (Gio.Cancellable or None) – Cancellable

Raises:

GLib.Error

Returns:

out_label:: Return location for security context

Return type:

(bool, out_label: str or None)

Store in out_label the security context for the given relpath and mode unix_mode. If the policy does not specify a label, None will be returned.

get_name()¶

Returns:: Type of current policy
Return type:: str

get_path()¶

Returns:: Path to rootfs
Return type:: Gio.File or None

This API should be considered deprecated, because it’s supported for policy objects to be created from file-descriptor relative paths, which may not be globally accessible.

host_enabled()¶

Return type:: bool

Return if the host has selinux enabled

restorecon(path, info, target, flags, cancellable)¶

Parameters:

path (str) – Path string to use for policy lookup
info (Gio.FileInfo or None) – File attributes
target (Gio.File) – Physical path to target file
flags (OSTree.SePolicyRestoreconFlags) – Flags controlling behavior
cancellable (Gio.Cancellable or None) – Cancellable

Raises:

GLib.Error

Returns:

out_new_label:: New label, or None if unchanged

Return type:

(bool, out_new_label: str or None)

Reset the security context of target based on the SELinux policy.

setfscreatecon(path, mode)¶

Parameters:

path (str) – Use this path to determine a label
mode (int) – Used along with path

Raises:

GLib.Error

Return type:

bool

Property Details¶

OSTree.SePolicy.props.path¶

Name:: path
Type:: Gio.File
Default Value:: None
Flags:: READABLE, WRITABLE, CONSTRUCT_ONLY

OSTree.SePolicy.props.rootfs_dfd¶

Name:: rootfs-dfd
Type:: int
Default Value:: -1
Flags:: READABLE, WRITABLE, CONSTRUCT_ONLY