Ensure that selinux is disabled by default
This also includes some portability changes so that the package can be imported with the top level runtime. Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby
parent
08ed0c8761
commit
bcd17c6fdc
4 changed files with 15 additions and 14 deletions
|
|
@ -39,6 +39,11 @@ var (
|
|||
|
||||
type SELinuxContext map[string]string
|
||||
|
||||
// SetDisabled disables selinux support for the package
|
||||
func SetDisabled() {
|
||||
selinuxEnabled, selinuxEnabledChecked = false, true
|
||||
}
|
||||
|
||||
func GetSelinuxMountPoint() string {
|
||||
if selinuxfs != "unknown" {
|
||||
return selinuxfs
|
||||
|
|
@ -140,15 +145,6 @@ func Setfilecon(path string, scon string) error {
|
|||
return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0)
|
||||
}
|
||||
|
||||
func Getfilecon(path string) (string, error) {
|
||||
var scon []byte
|
||||
|
||||
cnt, err := syscall.Getxattr(path, xattrNameSelinux, scon)
|
||||
scon = make([]byte, cnt)
|
||||
cnt, err = syscall.Getxattr(path, xattrNameSelinux, scon)
|
||||
return string(scon), err
|
||||
}
|
||||
|
||||
func Setfscreatecon(scon string) error {
|
||||
return writeCon("/proc/self/attr/fscreate", scon)
|
||||
}
|
||||
|
|
@ -188,7 +184,7 @@ func writeCon(name string, val string) error {
|
|||
}
|
||||
|
||||
func Setexeccon(scon string) error {
|
||||
return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()), scon)
|
||||
return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", system.Gettid()), scon)
|
||||
}
|
||||
|
||||
func (c SELinuxContext) Get() string {
|
||||
|
|
|
|||
|
|
@ -12,9 +12,7 @@ func testSetfilecon(t *testing.T) {
|
|||
out, _ := os.OpenFile(tmp, os.O_WRONLY, 0)
|
||||
out.Close()
|
||||
err := selinux.Setfilecon(tmp, "system_u:object_r:bin_t:s0")
|
||||
if err == nil {
|
||||
t.Log(selinux.Getfilecon(tmp))
|
||||
} else {
|
||||
if err != nil {
|
||||
t.Log("Setfilecon failed")
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
|
@ -41,7 +39,6 @@ func TestSELinux(t *testing.T) {
|
|||
pid := os.Getpid()
|
||||
t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))
|
||||
t.Log(selinux.Getcon())
|
||||
t.Log(selinux.Getfilecon("/etc/passwd"))
|
||||
err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
|
||||
if err == nil {
|
||||
t.Log(selinux.Getfscreatecon())
|
||||
|
|
|
|||
|
|
@ -143,3 +143,7 @@ func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
|
|||
}
|
||||
cmd.SysProcAttr.Cloneflags = flag
|
||||
}
|
||||
|
||||
func Gettid() int {
|
||||
return syscall.Gettid()
|
||||
}
|
||||
|
|
|
|||
|
|
@ -13,3 +13,7 @@ func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
|
|||
func UsetCloseOnExec(fd uintptr) error {
|
||||
return ErrNotSupportedPlatform
|
||||
}
|
||||
|
||||
func Gettid() int {
|
||||
return 0
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue