Add more label checks for selinux enabled
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby
parent
c05f329be8
commit
08ed0c8761
1 changed files with 20 additions and 16 deletions
|
|
@ -9,13 +9,13 @@ import (
|
|||
)
|
||||
|
||||
func GenLabels(options string) (string, string, error) {
|
||||
processLabel, mountLabel := selinux.GetLxcContexts()
|
||||
if processLabel == "" { // SELinux is disabled
|
||||
if !selinux.SelinuxEnabled() {
|
||||
return "", "", nil
|
||||
}
|
||||
|
||||
var err error
|
||||
processLabel, mountLabel := selinux.GetLxcContexts()
|
||||
if processLabel != "" {
|
||||
var (
|
||||
err error
|
||||
s = strings.Fields(options)
|
||||
l = len(s)
|
||||
)
|
||||
|
|
@ -28,11 +28,12 @@ func GenLabels(options string) (string, string, error) {
|
|||
processLabel = pcon.Get()
|
||||
mountLabel, err = selinux.CopyLevel(processLabel, mountLabel)
|
||||
}
|
||||
}
|
||||
return processLabel, mountLabel, err
|
||||
}
|
||||
|
||||
func FormatMountLabel(src string, mountLabel string) string {
|
||||
if mountLabel != "" {
|
||||
if selinux.SelinuxEnabled() && mountLabel != "" {
|
||||
switch src {
|
||||
case "":
|
||||
src = fmt.Sprintf("%s,context=%s", src, mountLabel)
|
||||
|
|
@ -65,6 +66,9 @@ func SetFileLabel(path string, fileLabel string) error {
|
|||
}
|
||||
|
||||
func GetPidCon(pid int) (string, error) {
|
||||
if !selinux.SelinuxEnabled() {
|
||||
return "", nil
|
||||
}
|
||||
return selinux.Getpidcon(pid)
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue