Ensure that selinux is disabled by default

This also includes some portability changes so that the package can be
imported with the top level runtime.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
Michael Crosby 2014-04-07 14:43:50 -07:00
parent 08ed0c8761
commit bcd17c6fdc
4 changed files with 15 additions and 14 deletions


@ -39,6 +39,11 @@ var (
type SELinuxContext map[string]string type SELinuxContext map[string]string
// SetDisabled disables selinux support for the package
func SetDisabled() {
selinuxEnabled, selinuxEnabledChecked = false, true
}
func GetSelinuxMountPoint() string { func GetSelinuxMountPoint() string {
if selinuxfs != "unknown" { if selinuxfs != "unknown" {
return selinuxfs return selinuxfs
@ -140,15 +145,6 @@ func Setfilecon(path string, scon string) error {
return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0) return system.Lsetxattr(path, xattrNameSelinux, []byte(scon), 0)
} }
func Getfilecon(path string) (string, error) {
var scon []byte
cnt, err := syscall.Getxattr(path, xattrNameSelinux, scon)
scon = make([]byte, cnt)
cnt, err = syscall.Getxattr(path, xattrNameSelinux, scon)
return string(scon), err
}
func Setfscreatecon(scon string) error { func Setfscreatecon(scon string) error {
return writeCon("/proc/self/attr/fscreate", scon) return writeCon("/proc/self/attr/fscreate", scon)
} }
@ -188,7 +184,7 @@ func writeCon(name string, val string) error {
} }
func Setexeccon(scon string) error { func Setexeccon(scon string) error {
return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", syscall.Gettid()), scon) return writeCon(fmt.Sprintf("/proc/self/task/%d/attr/exec", system.Gettid()), scon)
} }
func (c SELinuxContext) Get() string { func (c SELinuxContext) Get() string {
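Review bot: `SetDisabled`, added at the top of this section, assigns the package-level `selinuxEnabled` and `selinuxEnabledChecked` with no lock and offers no way to turn labelling back on. Those variables are declared outside the visible lines, so whether they are guarded elsewhere cannot be confirmed here; if they are not, a call that overlaps another goroutine's enabled check is a data race. Since the presumable effect is that the process stops applying SELinux labels without any log or error, the doc comment should state the contract, for example `// SetDisabled disables selinux support for the package. Call it once during start-up, before any other function in this package; it is not safe for concurrent use.`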


@ -12,9 +12,7 @@ func testSetfilecon(t *testing.T) {
out, _ := os.OpenFile(tmp, os.O_WRONLY, 0) out, _ := os.OpenFile(tmp, os.O_WRONLY, 0)
out.Close() out.Close()
err := selinux.Setfilecon(tmp, "system_u:object_r:bin_t:s0") err := selinux.Setfilecon(tmp, "system_u:object_r:bin_t:s0")
if err == nil { if err != nil {
t.Log(selinux.Getfilecon(tmp))
} else {
t.Log("Setfilecon failed") t.Log("Setfilecon failed")
t.Fatal(err) t.Fatal(err)
} }
@ -41,7 +39,6 @@ func TestSELinux(t *testing.T) {
pid := os.Getpid() pid := os.Getpid()
t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023)) t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))
t.Log(selinux.Getcon()) t.Log(selinux.Getcon())
t.Log(selinux.Getfilecon("/etc/passwd"))
err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0") err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
if err == nil { if err == nil {
t.Log(selinux.Getfscreatecon()) t.Log(selinux.Getfscreatecon())
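Review bot: After this change `testSetfilecon` passes as soon as `Setfilecon` returns nil; with the `Getfilecon` log line gone, nothing in the test observes the label that was actually written to `tmp`. A labelling call that returns success without applying the context would go unnoticed, so I would at least record the limitation above the `err :=` line with `// Only the error return of Setfilecon is checked; the label on tmp is not read back.` The body of `testSetfilecon` starts and ends outside the visible hunk, so a later check may exist that is not shown here.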


@ -143,3 +143,7 @@ func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
} }
cmd.SysProcAttr.Cloneflags = flag cmd.SysProcAttr.Cloneflags = flag
} }
func Gettid() int {
return syscall.Gettid()
}
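Review bot: The new exported `Gettid` has no doc comment, and the one fact its callers need is missing: an OS thread id is only meaningful while the calling goroutine stays on that thread. The selinux section of this commit formats the result into `/proc/self/task/%d/attr/exec`, so a caller that has not called `runtime.LockOSThread()` may set the exec context on a different thread from the one that later execs. Whether callers lock the thread is not visible here. I would add `// Gettid returns the OS thread id of the caller. The value is only stable while the goroutine is locked to its thread with runtime.LockOSThread.`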


@ -13,3 +13,7 @@ func SetCloneFlags(cmd *exec.Cmd, flag uintptr) {
func UsetCloseOnExec(fd uintptr) error { func UsetCloseOnExec(fd uintptr) error {
return ErrNotSupportedPlatform return ErrNotSupportedPlatform
} }
func Gettid() int {
return 0
}
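Review bot: The stub `Gettid` returns 0 with no signal that the platform is unsupported, unlike `UsetCloseOnExec` just above it, which returns `ErrNotSupportedPlatform`. The selinux section of this commit formats the value into a /proc path, which on such a build becomes `/proc/self/task/0/attr/exec`. That presumably fails inside `writeCon`, but it would surface as a file error rather than an unsupported-platform one. Because the int-only signature cannot carry an error, the sentinel should be documented: `// Gettid is not supported on this platform and always returns 0; callers must not use the result as a thread id.`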