Add more label checks for selinux enabled

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-04-07 14:09:46 -07:00
parent c05f329be8
commit 08ed0c8761

View file

@ -9,13 +9,13 @@ import (
) )
func GenLabels(options string) (string, string, error) { func GenLabels(options string) (string, string, error) {
processLabel, mountLabel := selinux.GetLxcContexts() if !selinux.SelinuxEnabled() {
if processLabel == "" { // SELinux is disabled
return "", "", nil return "", "", nil
} }
var err error
processLabel, mountLabel := selinux.GetLxcContexts()
if processLabel != "" {
var ( var (
err error
s = strings.Fields(options) s = strings.Fields(options)
l = len(s) l = len(s)
) )
@ -28,11 +28,12 @@ func GenLabels(options string) (string, string, error) {
processLabel = pcon.Get() processLabel = pcon.Get()
mountLabel, err = selinux.CopyLevel(processLabel, mountLabel) mountLabel, err = selinux.CopyLevel(processLabel, mountLabel)
} }
}
return processLabel, mountLabel, err return processLabel, mountLabel, err
} }
func FormatMountLabel(src string, mountLabel string) string { func FormatMountLabel(src string, mountLabel string) string {
if mountLabel != "" { if selinux.SelinuxEnabled() && mountLabel != "" {
switch src { switch src {
case "": case "":
src = fmt.Sprintf("%s,context=%s", src, mountLabel) src = fmt.Sprintf("%s,context=%s", src, mountLabel)
@ -65,6 +66,9 @@ func SetFileLabel(path string, fileLabel string) error {
} }
func GetPidCon(pid int) (string, error) { func GetPidCon(pid int) (string, error) {
if !selinux.SelinuxEnabled() {
return "", nil
}
return selinux.Getpidcon(pid) return selinux.Getpidcon(pid)
} }