var validOptions … var ErrIncompatibleLabel … // InitLabels returns the process label and file labels to be used within // the container. A list of options can be passed into this function to alter // the labels. The labels returned will include a random MCS String, that is // guaranteed to be unique. // If the disabled flag is passed in, the process label will not be set, but the mount label will be set // to the container_file label with the maximum category. This label is not usable by any confined label. func InitLabels(options []string) (plabel string, mlabel string, retErr error) { … } // Deprecated: The GenLabels function is only to be used during the transition // to the official API. Use InitLabels(strings.Fields(options)) instead. func GenLabels(options string) (string, string, error) { … } // SetFileLabel modifies the "path" label to the specified file label func SetFileLabel(path string, fileLabel string) error { … } // SetFileCreateLabel tells the kernel the label for all files to be created func SetFileCreateLabel(fileLabel string) error { … } // Relabel changes the label of path and all the entries beneath the path. // It changes the MCS label to s0 if shared is true. // This will allow all containers to share the content. // // The path itself is guaranteed to be relabeled last. func Relabel(path string, fileLabel string, shared bool) error { … } var DisableSecOpt … // Validate checks that the label does not include unexpected options func Validate(label string) error { … } // RelabelNeeded checks whether the user requested a relabel func RelabelNeeded(label string) bool { … } // IsShared checks that the label includes a "shared" mark func IsShared(label string) bool { … }
Codebase Browser
kubernetes