vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Switch to github.com/golang/dep for vendoring

Browse source 
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
This commit is contained in:
Mrunal Patel 2017-01-31 16:45:59 -08:00
parent d6ab91be27
commit 8e5b17cf13
15431 changed files with 3971413 additions and 8881 deletions
Download patch file Download diff file Expand all files Collapse all files

29
vendor/github.com/opencontainers/runc/libcontainer/label/label_selinux.go generated vendored
View file

@ -33,19 +33,15 @@ func InitLabels(options []string) (string, string, error) {
pcon := selinux.NewContext(processLabel)
mcon := selinux.NewContext(mountLabel)
for _, opt := range options {
val := strings.SplitN(opt, "=", 2)
if val[0] != "label" {
continue
}
if len(val) < 2 {
return "", "", fmt.Errorf("bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt)
}
if val[1] == "disable" {
if opt == "disable" {
return "", "", nil
}
con := strings.SplitN(val[1], ":", 2)
if len(con) < 2 || !validOptions[con[0]] {
return "", "", fmt.Errorf("bad label option %q, valid options 'disable, user, role, level, type'", con[0])
if i := strings.Index(opt, ":"); i == -1 {
return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt)
}
con := strings.SplitN(opt, ":", 2)
if !validOptions[con[0]] {
return "", "", fmt.Errorf("Bad label option %q, valid options 'disable, user, role, level, type'", con[0])
}
pcon[con[0]] = con[1]
@ -111,7 +107,7 @@ func SetFileLabel(path string, fileLabel string) error {
return nil
}
// SetFileCreateLabel tells the kernel the label for all files to be created
// Tell the kernel the label for all files to be created
func SetFileCreateLabel(fileLabel string) error {
if selinux.SelinuxEnabled() {
return selinux.Setfscreatecon(fileLabel)
@ -119,7 +115,7 @@ func SetFileCreateLabel(fileLabel string) error {
return nil
}
// Relabel changes the label of path to the filelabel string.
// Change the label of path to the filelabel string.
// It changes the MCS label to s0 if shared is true.
// This will allow all containers to share the content.
func Relabel(path string, fileLabel string, shared bool) error {
@ -133,7 +129,7 @@ func Relabel(path string, fileLabel string, shared bool) error {
exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true}
if exclude_paths[path] {
return fmt.Errorf("SELinux relabeling of %s is not allowed", path)
return fmt.Errorf("Relabeling of %s is not allowed", path)
}
if shared {
@ -141,10 +137,7 @@ func Relabel(path string, fileLabel string, shared bool) error {
c["level"] = "s0"
fileLabel = c.Get()
}
if err := selinux.Chcon(path, fileLabel, true); err != nil {
return fmt.Errorf("SELinux relabeling of %s is not allowed: %q", path, err)
}
return nil
return selinux.Chcon(path, fileLabel, true)
}
// GetPidLabel will return the label of the process running with the specified pid