#selinux #security #access-control #linux

sys selinux-sys

Flexible Mandatory Access Control (MAC) for Linux

20 releases

0.6.7 Nov 1, 2023
0.6.5 Jun 7, 2023
0.6.3 Feb 23, 2023
0.6.2 Nov 23, 2022
0.2.0 Mar 17, 2021

#1317 in Filesystem

Download history 1822/week @ 2023-07-19 2083/week @ 2023-07-26 1575/week @ 2023-08-02 2248/week @ 2023-08-09 3391/week @ 2023-08-16 3206/week @ 2023-08-23 2736/week @ 2023-08-30 2416/week @ 2023-09-06 2021/week @ 2023-09-13 3372/week @ 2023-09-20 2905/week @ 2023-09-27 3540/week @ 2023-10-04 3646/week @ 2023-10-11 2927/week @ 2023-10-18 2539/week @ 2023-10-25 2816/week @ 2023-11-01

12,423 downloads per month
Used in 7 crates (via selinux)

MIT license

351 lines

crates.io docs.rs license

selinux-sys: Unsafe Rust bindings for libselinux

SELinux is a flexible Mandatory Access Control (MAC) for Linux.

This crate exposes neither deprecated nor undocumented SELinux API functions and types.

This crate is Linux-specific. Building it for non-Linux platforms, or for the Linux kernel, results in an empty crate.

Supported environment variables

This crate depends on some environment variables, and variants of those. For each environment variable (e.g., CC), the following are the accepted variants of it:

  • <var>_<target>, e.g., CC_aarch64-unknown-linux-gnu.
  • <var>_<target-with-underscores>, e.g., CC_aarch64_unknown_linux_gnu.
  • TARGET_<var>, e.g., TARGET_CC.
  • <var>, e.g., CC.

The following environment variables (and their variants) affect how this crate is built:

  • CC

Dynamic or static linking

This crate links to libselinux dynamically if possible, except when targeting platforms based on the musl C library.

This behavior can be changed either by setting the environment variable SELINUX_STATIC to 1, or by enabling the crate feature static. If both are defined, then the value of SELINUX_STATIC takes precedence.

Setting SELINUX_STATIC to 0 mandates dynamic linking.

Finding SELinux library and headers

By default, this crate finds SELinux headers and library based on the default target C compiler.

This behavior can be changed by:

  • Either defining the environment variable SELINUX_PATH to the path of a directory containing the sub-directories include and lib where the headers and library are installed.
  • Or by defining one or both of the environment variables SELINUX_INCLUDE_DIR and SELINUX_LIB_DIR to paths to the directories where headers and library are present. If SELINUX_PATH is also defined, then SELINUX_INCLUDE_DIR and SELINUX_LIB_DIR take precedence.

Depending on this crate

This crate provides the following variables to other crates that depend on it:

  • DEP_SELINUX_INCLUDE: Path of the directory where library C header files reside.
  • DEP_SELINUX_LIB: Path of the directory where the library binary resides.


This project adheres to Semantic Versioning. The CHANGELOG.md file details notable changes over time.


~38K SLoC