// +build selinux,linux
package label
import (
"fmt"
"strings"
"github.com/dotcloud/docker/pkg/libcontainer/selinux"
)
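// GenLabels returns the SELinux process label and mount label to use for a
// container, with the overrides in options applied to the process label.
//
// options is a whitespace-separated list of key=value pairs. Each pair is
// written into the context built from the process label returned by
// selinux.GetLxcContexts; which keys that context honours is decided by the
// selinux package and is not visible here.
//
// When SELinux is disabled both labels are empty and the error is nil, so an
// empty label means "no labelling", not a failure. When options is empty the
// labels from selinux.GetLxcContexts are returned unchanged.
//
// An option without "=" is rejected with an error. The option string comes
// from the caller, and indexing the split result unchecked would panic on
// such input.
func GenLabels(options string) (string, string, error) {
	if !selinux.SelinuxEnabled() {
		return "", "", nil
	}

	processLabel, mountLabel := selinux.GetLxcContexts()
	if processLabel == "" {
		return processLabel, mountLabel, nil
	}

	opts := strings.Fields(options)
	if len(opts) == 0 {
		return processLabel, mountLabel, nil
	}

	pcon := selinux.NewContext(processLabel)
	for _, opt := range opts {
		kv := strings.Split(opt, "=")
		if len(kv) < 2 {
			// NOTE(review): the labels obtained above are dropped on this
			// path; if GetLxcContexts reserves anything per call, confirm the
			// caller does not need them back to release it.
			return "", "", fmt.Errorf("bad SELinux label option %q: expected key=value", opt)
		}
		// Only the first two "="-separated parts are used; anything after a
		// second "=" is ignored.
		pcon[kv[0]] = kv[1]
	}

	processLabel = pcon.Get()
	// The mount label is recomputed from the edited process label so the two
	// stay in step (presumably sharing the same level - confirm in CopyLevel).
	mountLabel, err := selinux.CopyLevel(processLabel, mountLabel)
	return processLabel, mountLabel, err
}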
// FormatMountLabel appends a context="..." entry for mountLabel to the
// comma-separated mount option string src and returns the result.
//
// An empty mountLabel leaves src untouched. The label is rendered with %q,
// so it is always wrapped in double quotes and any quote or backslash inside
// it is escaped rather than ending the value early. Presumably the quoting is
// what keeps a label whose level contains commas from being read as several
// mount options - confirm against the consumer of this string.
func FormatMountLabel(src, mountLabel string) string {
	if mountLabel == "" {
		return src
	}
	if src == "" {
		return fmt.Sprintf("context=%q", mountLabel)
	}
	return fmt.Sprintf("%s,context=%q", src, mountLabel)
}
// SetProcessLabel passes processLabel to selinux.Setexeccon when SELinux is
// enabled and returns that call's error.
//
// With SELinux disabled it does nothing and returns nil, so a nil result does
// not by itself show that a label was applied.
func SetProcessLabel(processLabel string) error {
	if !selinux.SelinuxEnabled() {
		return nil
	}
	return selinux.Setexeccon(processLabel)
}
// GetProcessLabel returns whatever selinux.Getexeccon reports when SELinux
// is enabled.
//
// With SELinux disabled it returns an empty label and a nil error; callers
// should treat "" as "no label available" rather than as a valid context.
func GetProcessLabel() (string, error) {
	if !selinux.SelinuxEnabled() {
		return "", nil
	}
	return selinux.Getexeccon()
}
// SetFileLabel applies fileLabel to path through selinux.Setfilecon and
// returns that call's error.
//
// The call is skipped, and nil returned, when SELinux is disabled or when
// fileLabel is empty. A nil result therefore covers both "labelled" and
// "skipped"; a caller that requires the label must check for an empty
// fileLabel itself.
func SetFileLabel(path string, fileLabel string) error {
	// The enabled check stays first so evaluation order matches the original.
	if !selinux.SelinuxEnabled() || fileLabel == "" {
		return nil
	}
	return selinux.Setfilecon(path, fileLabel)
}
// GetPidCon returns the result of selinux.Getpidcon for pid when SELinux is
// enabled.
//
// With SELinux disabled it returns an empty string and a nil error, so an
// empty result must not be read as the context of the process.
func GetPidCon(pid int) (string, error) {
	if selinux.SelinuxEnabled() {
		return selinux.Getpidcon(pid)
	}
	return "", nil
}
// Init calls selinux.SelinuxEnabled once and discards the answer.
//
// NOTE(review): presumably this primes state cached inside the selinux
// package before later calls depend on it - confirm there.
func Init() {
	_ = selinux.SelinuxEnabled()
}
// ReserveLabel hands label to selinux.ReserveLabel.
//
// It always returns nil: nothing from the underlying call is propagated and
// SELinux being enabled is not checked here, so the error result carries no
// information about whether the reservation took effect.
func ReserveLabel(label string) error {
	selinux.ReserveLabel(label)

	// No failure path exists in this wrapper.
	return nil
}