OSTree.SePolicy

g GObject.GInterface GObject.GInterface Gio.Initable Gio.Initable GObject.GInterface->Gio.Initable GObject.Object GObject.Object OSTree.SePolicy OSTree.SePolicy GObject.Object->OSTree.SePolicy Gio.Initable->OSTree.SePolicy

Subclasses:

None

Methods

Inherited:

GObject.Object (37), Gio.Initable (2)

Structs:

GObject.ObjectClass (5)

class

fscreatecon_cleanup (unused)

class

new (path, cancellable)

class

new_at (rootfs_dfd, cancellable)

class

new_from_commit (repo, rev, cancellable)

class

set_null_log ()

get_csum ()

get_label (relpath, unix_mode, cancellable)

get_name ()

get_path ()

restorecon (path, info, target, flags, cancellable)

setfscreatecon (path, mode)

Virtual Methods

Inherited:

GObject.Object (7), Gio.Initable (1)

Properties

Name

Type

Flags

Short Description

path

Gio.File

r/w/co

rootfs-dfd

int

r/w/co

Signals

Inherited:

GObject.Object (1)

Fields

Inherited:

GObject.Object (1)

Class Details

class OSTree.SePolicy(**kwargs)
Bases:

GObject.Object, Gio.Initable

Abstract:

No

classmethod fscreatecon_cleanup(unused)
Parameters:

unused (object or None) – Not used, just in case you didn’t infer that from the parameter name

Cleanup function for OSTree.SePolicy.setfscreatecon().

classmethod new(path, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

An accessor object for SELinux policy in root located at path

Return type:

OSTree.SePolicy

classmethod new_at(rootfs_dfd, cancellable)
Parameters:

  • rootfs_dfd (int) – Directory fd for rootfs (will not be cloned)

  • cancellable (Gio.Cancellable or None) – Cancellable

Raises:

GLib.Error

Returns:

An accessor object for SELinux policy in root located at rootfs_dfd

Return type:

OSTree.SePolicy

New in version 2017.4.

classmethod new_from_commit(repo, rev, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

A new policy

Return type:

OSTree.SePolicy

Extract the SELinux policy from a commit object via a partial checkout. This is useful for labeling derived content as separate commits.

This function is the backend of ostree_repo_commit_modifier_set_sepolicy_from_commit().

classmethod set_null_log()

Disable SELinux’s builtin logging; one rarely wants this enabled.

New in version 2025.2.

get_csum()
Returns:

Checksum of current policy

Return type:

str or None

New in version 2016.5.

get_label(relpath, unix_mode, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

out_label:

Return location for security context

Return type:

(bool, out_label: str or None)

Store in out_label the security context for the given relpath and mode unix_mode. If the policy does not specify a label, None will be returned.

get_name()
Returns:

Type of current policy

Return type:

str or None

get_path()
Returns:

Path to rootfs

Return type:

Gio.File or None

This API should be considered deprecated, because it’s supported for policy objects to be created from file-descriptor relative paths, which may not be globally accessible.

restorecon(path, info, target, flags, cancellable)
Parameters:
Raises:

GLib.Error

Returns:

out_new_label:

New label, or None if unchanged

Return type:

(bool, out_new_label: str or None)

Reset the security context of target based on the SELinux policy.

setfscreatecon(path, mode)
Parameters:

  • path (str) – Use this path to determine a label

  • mode (int) – Used along with path

Raises:

GLib.Error

Return type:

bool

Property Details

OSTree.SePolicy.props.path
Name:

path

Type:

Gio.File

Default Value:

None

Flags:

READABLE, WRITABLE, CONSTRUCT_ONLY

OSTree.SePolicy.props.rootfs_dfd
Name:

rootfs-dfd

Type:

int

Default Value:

-1

Flags:

READABLE, WRITABLE, CONSTRUCT_ONLY