Merge pull request #1050 from rhatdan/selinux
We need to release the SELinux label when we destroy the sandbox
This commit is contained in:
Daniel J Walsh
GitHub
commit
2e26e9b2ec
4 changed files with 17 additions and 3 deletions
2
vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
generated
vendored
2
vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
generated
vendored
|
|
@ -49,8 +49,10 @@ func InitLabels(options []string) (string, string, error) {
|
|||
mcon[con[0]] = con[1]
|
||||
}
|
||||
}
|
||||
_ = ReleaseLabel(processLabel)
|
||||
processLabel = pcon.Get()
|
||||
mountLabel = mcon.Get()
|
||||
_ = ReserveLabel(processLabel)
|
||||
}
|
||||
return processLabel, mountLabel, nil
|
||||
}
|
||||
|
|
|
|||
4
vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
generated
vendored
4
vendor/github.com/opencontainers/selinux/go-selinux/selinux.go
generated
vendored
|
|
@ -213,7 +213,7 @@ func SetFileLabel(path string, label string) error {
|
|||
return lsetxattr(path, xattrNameSelinux, []byte(label), 0)
|
||||
}
|
||||
|
||||
// Filecon returns the SELinux label for this path or returns an error.
|
||||
// FileLabel returns the SELinux label for this path or returns an error.
|
||||
func FileLabel(path string) (string, error) {
|
||||
label, err := lgetxattr(path, xattrNameSelinux)
|
||||
if err != nil {
|
||||
|
|
@ -331,7 +331,7 @@ func EnforceMode() int {
|
|||
}
|
||||
|
||||
/*
|
||||
SetEnforce sets the current SELinux mode Enforcing, Permissive.
|
||||
SetEnforceMode sets the current SELinux mode Enforcing, Permissive.
|
||||
Disabled is not valid, since this needs to be set at boot time.
|
||||
*/
|
||||
func SetEnforceMode(mode int) error {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue