RGBCube/uutils-coreutils
1
Fork 0
mirror of https://github.com/RGBCube/uutils-coreutils synced 2025-07-28 19:47:45 +00:00
Code Issues Activity

uucore/selinux: add a function to verify if selinux is enabled

Browse source
This commit is contained in:
Sylvestre Ledru 2025-04-12 18:36:58 +02:00
parent 842f47b372
commit d41c0ceb53
1 changed files with 47 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

50
src/uucore/src/lib/features/selinux.rs
View file

@ -7,6 +7,38 @@ use std::path::Path;
use selinux::SecurityContext; use selinux::SecurityContext;
#[derive(Debug)]
pub enum Error {
SELinuxNotEnabled,
}
/// Checks if SELinux is enabled on the system.
///
/// This function verifies whether the kernel has SELinux support enabled.
///
/// # Returns
///
/// * `Ok(())` - If SELinux is enabled on the system.
/// * `Err(Error::SELinuxNotEnabled)` - If SELinux is not enabled.
///
/// # Examples
///
/// ```
/// use uucore::selinux::check_selinux_enabled;
///
/// match check_selinux_enabled() {
/// Ok(_) => println!("SELinux is enabled"),
/// Err(_) => println!("SELinux is not enabled"),
/// }
/// ```
pub fn check_selinux_enabled() -> Result<(), Error> {
if selinux::kernel_support() == selinux::KernelSupport::Unsupported {
Err(Error::SELinuxNotEnabled)
} else {
Ok(())
}
}
/// Sets the SELinux security context for the given filesystem path. /// Sets the SELinux security context for the given filesystem path.
/// ///
/// If a specific context is provided, it attempts to set this context explicitly. /// If a specific context is provided, it attempts to set this context explicitly.
@ -52,9 +84,7 @@ use selinux::SecurityContext;
/// ``` /// ```
pub fn set_selinux_security_context(path: &Path, context: Option<&String>) -> Result<(), String> { pub fn set_selinux_security_context(path: &Path, context: Option<&String>) -> Result<(), String> {
// Check if SELinux is enabled on the system // Check if SELinux is enabled on the system
if selinux::kernel_support() == selinux::KernelSupport::Unsupported { check_selinux_enabled().map_err(|e| format!("{:?}", e))?;
return Err("SELinux is not enabled on this system".into());
}
if let Some(ctx_str) = context { if let Some(ctx_str) = context {
// Create a CString from the provided context string // Create a CString from the provided context string
@ -127,4 +157,18 @@ mod tests {
"Invalid context string (contains null bytes)" "Invalid context string (contains null bytes)"
); );
} }
#[test]
fn test_check_selinux_enabled_runtime_behavior() {
let result = check_selinux_enabled();
match selinux::kernel_support() {
selinux::KernelSupport::Unsupported => {
assert!(matches!(result, Err(Error::SELinuxNotEnabled)));
}
_ => {
assert!(result.is_ok(), "Expected Ok(()) when SELinux is supported");
}
}
}
} }