From bcd17c6fdc1adb600d974f79cafb29486e5e5709 Mon Sep 17 00:00:00 2001
From: Michael Crosby
Date: Mon, 7 Apr 2014 14:43:50 -0700
Subject: [PATCH] Ensure that selinux is disabled by default

This also includes some portability changes so that the package can be imported with the top level runtime.

Docker-DCO-1.1-Signed-off-by: Michael Crosby (github: crosbymichael)
---
 selinux/selinux.go | 16 ++++++----------
 selinux/selinux_test.go | 5 +----
 system/calls_linux.go | 4 ++++
 system/unsupported.go | 4 ++++
 4 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/selinux/selinux.go b/selinux/selinux.go
index 5362308..d2d90b1 100644
--- a/selinux/selinux.go
+++ b/selinux/selinux.go
@@ -39,6 +39,11 @@ var (
 
 type SELinuxContext map[string]string
 
+// SetDisabled disables selinux support for the package
+func SetDisabled() {
+	selinuxEnabled, selinuxEnabledChecked = false, true
+}
+
 func GetSelinuxMountPoint() string {
 	if selinuxfs != "unknown" {
 		return selinuxfs
@@ -140,15 +145,6 @@ func Setfilecon(path string, scon string) error {
 	return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0)
 }
 
-func Getfilecon(path string) (string, error) {
-	var scon []byte
-
-	cnt, err := syscall.Getxattr(path, xattrNameSelinux, scon)
-	scon = make([]byte, cnt)
-	cnt, err = syscall.Getxattr(path, xattrNameSelinux, scon)
-	return string(scon), err
-}
-
 func Setfscreatecon(scon string) error {
 	return writeCon("/proc/self/attr/fscreate", scon)
 }
@@ -188,7 +184,7 @@ func writeCon(name string, val string) error {
 }
 
 func Setexeccon(scon string) error {
-	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()), scon)
+	return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", system.Gettid()), scon)
 }
 
 func (c SELinuxContext) Get() string {
diff --git a/selinux/selinux_test.go b/selinux/selinux_test.go
index 6b59c1d..181452a 100644
--- a/selinux/selinux_test.go
+++ b/selinux/selinux_test.go
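Review bot: SetDisabled in the first selinux.go hunk writes the package-level selinuxEnabled/selinuxEnabledChecked pair with no synchronization and offers no way to undo it, so a call that races with whatever lazily sets those variables elsewhere in the package (not visible here) can be lost or observed half-applied. The one-line comment should state the contract instead of leaving it implicit: `// SetDisabled disables selinux support for the package. It must be called before any other function in this package and from a single goroutine; support cannot be re-enabled afterwards.` The commit title says selinux is disabled by default, but this hunk only adds an opt-out; if the default really changed, that is in the variable declarations outside the hunk and is inferred, not visible.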
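Review bot: Setexeccon in the third selinux.go hunk still writes the label through the calling OS thread's own /proc/self/task/<tid>/attr/exec, and nothing on this side guarantees the goroutine stays on that thread until the exec it is labelling; unless every caller holds runtime.LockOSThread, the label can land on a task the later exec does not run from, which is a silent least-privilege failure rather than an error. On the platforms covered by system/unsupported.go the new system.Gettid() returns 0, so the path becomes /proc/self/task/0/attr/exec; whether that is harmless depends on writeCon short-circuiting when selinux is disabled, and writeCon's body is outside the hunk. A doc comment would make the thread requirement explicit: `// Setexeccon sets the SELinux exec label of the calling OS thread; the caller must keep its goroutine locked to that thread (runtime.LockOSThread) until the exec it is labelling.`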
@@ -12,9 +12,7 @@ func testSetfilecon(t *testing.T) {
 	out, _ := os.OpenFile(tmp, os.O_WRONLY, 0)
 	out.Close()
 	err := selinux.Setfilecon(tmp, "system_u:object_r:bin_t:s0")
-	if err == nil {
-		t.Log(selinux.Getfilecon(tmp))
-	} else {
+	if err != nil {
 		t.Log("Setfilecon failed")
 		t.Fatal(err)
 	}
@@ -41,7 +39,6 @@ func TestSELinux(t *testing.T) {
 	pid := os.Getpid()
 	t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))
 	t.Log(selinux.Getcon())
-	t.Log(selinux.Getfilecon("/etc/passwd"))
 	err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
 	if err == nil {
 		t.Log(selinux.Getfscreatecon())
diff --git a/system/calls_linux.go b/system/calls_linux.go
index 43c00ed..cc4727a 100644
--- a/system/calls_linux.go
+++ b/system/calls_linux.go
@@ -143,3 +143,7 @@ func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
 	}
 	cmd.SysProcAttr.Cloneflags = flag
 }
+
+func Gettid() int {
+	return syscall.Gettid()
+}
diff --git a/system/unsupported.go b/system/unsupported.go
index eb3ec7e..c52a1e5 100644
--- a/system/unsupported.go
+++ b/system/unsupported.go
@@ -13,3 +13,7 @@ func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
 func UsetCloseOnExec(fd uintptr) error {
 	return ErrNotSupportedPlatform
 }
+
+func Gettid() int {
+	return 0
+}
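Review bot: In the first selinux_test.go hunk the retained `out, _ := os.OpenFile(tmp, os.O_WRONLY, 0)` discards the open error, so a failing open goes unnoticed and the test proceeds to label tmp and report only Setfilecon's result. Since the commit now makes a Setfilecon failure fatal, the open deserves the same treatment: `out, err := os.OpenFile(tmp, os.O_WRONLY, 0)`, `if err != nil { t.Fatal(err) }`, with the later declaration becoming `err = selinux.Setfilecon(tmp, "system_u:object_r:bin_t:s0")`. testSetfilecon begins outside the hunk.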
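Review bot: In the second selinux_test.go hunk the retained `t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))` passes format verbs to t.Log, which does not format, so the output is the literal verb string followed by the arguments, and go vet reports a possible formatting directive in the Log call. The intended call is `t.Logf("PID:%d MCS:%s", pid, selinux.IntToMcs(pid, 1023))` (t.Logf supplies its own newline). TestSELinux begins outside the hunk.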
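Review bot: The exported Gettid added at the end of system/calls_linux.go has no doc comment, and the same applies to its counterpart in system/unsupported.go. Because the Go scheduler can move a goroutine to another OS thread at any point, the returned value only identifies the current thread while the caller is locked to it, which is the one thing a user of this helper needs to know: `// Gettid returns the caller's OS thread ID. The value only identifies the current thread for as long as the calling goroutine is locked to it (runtime.LockOSThread).`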
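Review bot: The system/unsupported.go stub returns 0 from Gettid with no signal that the platform is unsupported, while its sibling UsetCloseOnExec in the same hunk returns ErrNotSupportedPlatform, so a caller that formats the value into a path (selinux.Setexeccon does, in the selinux.go hunk above) silently gets /proc/self/task/0/attr/exec. If the `int` signature is to stay, the sentinel should at least be documented: `// Gettid returns 0 on platforms without thread IDs; callers must not treat the value as a real task ID.` Otherwise an `(int, error)` form returning ErrNotSupportedPlatform would match the rest of this file.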