Remove and unexport selinux functions

Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Michael Crosby 2014-04-07 14:59:44 -07:00
parent bcd17c6fdc
commit 1adf0ae8a4
2 changed files with 9 additions and 18 deletions


@ -44,7 +44,7 @@ func SetDisabled() {
selinuxEnabled, selinuxEnabledChecked = false, true selinuxEnabled, selinuxEnabledChecked = false, true
} }
func GetSelinuxMountPoint() string { func getSelinuxMountPoint() string {
if selinuxfs != "unknown" { if selinuxfs != "unknown" {
return selinuxfs return selinuxfs
} }
@ -75,15 +75,15 @@ func SelinuxEnabled() bool {
return selinuxEnabled return selinuxEnabled
} }
selinuxEnabledChecked = true selinuxEnabledChecked = true
if fs := GetSelinuxMountPoint(); fs != "" { if fs := getSelinuxMountPoint(); fs != "" {
if con, _ := Getcon(); con != "kernel" { if con, _ := getcon(); con != "kernel" {
selinuxEnabled = true selinuxEnabled = true
} }
} }
return selinuxEnabled return selinuxEnabled
} }
func ReadConfig(target string) (value string) { func readConfig(target string) (value string) {
var ( var (
val, key string val, key string
bufin *bufio.Reader bufin *bufio.Reader
@ -124,8 +124,8 @@ func ReadConfig(target string) (value string) {
return "" return ""
} }
func GetSELinuxPolicyRoot() string { func getSELinuxPolicyRoot() string {
return selinuxDir + ReadConfig(selinuxTypeTag) return selinuxDir + readConfig(selinuxTypeTag)
} }
func readCon(name string) (string, error) { func readCon(name string) (string, error) {
@ -153,7 +153,7 @@ func Getfscreatecon() (string, error) {
return readCon("/proc/self/attr/fscreate") return readCon("/proc/self/attr/fscreate")
} }
func Getcon() (string, error) { func getcon() (string, error) {
return readCon("/proc/self/attr/current") return readCon("/proc/self/attr/current")
} }
@ -220,7 +220,7 @@ func SelinuxGetEnforce() int {
} }
func SelinuxGetEnforceMode() int { func SelinuxGetEnforceMode() int {
switch ReadConfig(selinuxTag) { switch readConfig(selinuxTag) {
case "enforcing": case "enforcing":
return Enforcing return Enforcing
case "permissive": case "permissive":
@ -292,13 +292,6 @@ func uniqMcs(catRange uint32) string {
return mcs return mcs
} }
func FreeContext(con string) {
if con != "" {
scon := NewContext(con)
mcsDelete(scon["level"])
}
}
func GetLxcContexts() (processLabel string, fileLabel string) { func GetLxcContexts() (processLabel string, fileLabel string) {
var ( var (
val, key string val, key string
@ -308,7 +301,7 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
if !SelinuxEnabled() { if !SelinuxEnabled() {
return "", "" return "", ""
} }
lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", GetSELinuxPolicyRoot()) lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", getSELinuxPolicyRoot())
in, err := os.Open(lxcPath) in, err := os.Open(lxcPath)
if err != nil { if err != nil {
return "", "" return "", ""
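Review bot: In SelinuxEnabled, the renamed call `if con, _ := getcon(); con != "kernel" {` still discards the error, so a failed read of /proc/self/attr/current presumably leaves con empty; because an empty string is not "kernel", the function then caches selinuxEnabled = true. Since getcon is now package-private and this is its only caller visible in the diff, the check can handle the error directly: `if con, err := getcon(); err == nil && con != "kernel" {`. What readCon returns alongside an error is inferred, because its body lies outside the hunks, and SelinuxEnabled itself begins before the hunk.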


@ -38,7 +38,6 @@ func TestSELinux(t *testing.T) {
t.Log("getenforcemode ", selinux.SelinuxGetEnforceMode()) t.Log("getenforcemode ", selinux.SelinuxGetEnforceMode())
pid := os.Getpid() pid := os.Getpid()
t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023)) t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))
t.Log(selinux.Getcon())
err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0") err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
if err == nil { if err == nil {
t.Log(selinux.Getfscreatecon()) t.Log(selinux.Getfscreatecon())
@ -54,7 +53,6 @@ func TestSELinux(t *testing.T) {
t.Fatal(err) t.Fatal(err)
} }
t.Log(selinux.Getpidcon(1)) t.Log(selinux.Getpidcon(1))
t.Log(selinux.GetSelinuxMountPoint())
} else { } else {
t.Log("Disabled") t.Log("Disabled")
} }