Merge pull request #5002 from crosbymichael/rhatdan-selinux

Improve selinux label handling

label/label.go

@@ -6,7 +6,7 @@ func GenLabels(options string) (string, string, error) {
 	return "", "", nil
 }
 
-func FormatMountLabel(src string, MountLabel string) string {
+func FormatMountLabel(src string, mountLabel string) string {
 	return src
 }
 

label/label_selinux.go

@@ -10,12 +10,15 @@ import (
 
 func GenLabels(options string) (string, string, error) {
 	processLabel, mountLabel := selinux.GetLxcContexts()
-	var err error
 	if processLabel == "" { // SELinux is disabled
-		return "", "", err
+		return "", "", nil
 	}
-	s := strings.Fields(options)
+
-	l := len(s)
+	var (
+		err error
+		s   = strings.Fields(options)
+		l   = len(s)
+	)
 	if l > 0 {
 		pcon := selinux.NewContext(processLabel)
 		for i := 0; i < l; i++ {
@@ -28,19 +31,16 @@ func GenLabels(options string) (string, string, error) {
 	return processLabel, mountLabel, err
 }
 
-func FormatMountLabel(src string, MountLabel string) string {
+func FormatMountLabel(src string, mountLabel string) string {
-	var mountLabel string
+	if mountLabel != "" {
-	if src != "" {
+		switch src {
-		mountLabel = src
+		case "":
-		if MountLabel != "" {
+			src = fmt.Sprintf("%s,context=%s", src, mountLabel)
-			mountLabel = fmt.Sprintf("%s,context=\"%s\"", mountLabel, MountLabel)
+		default:
-		}
+			src = fmt.Sprintf("context=%s", mountLabel)
-	} else {
-		if MountLabel != "" {
-			mountLabel = fmt.Sprintf("context=\"%s\"", MountLabel)
 		}
 	}
-	return mountLabel
+	return src
 }
 
 func SetProcessLabel(processLabel string) error {

selinux/selinux.go

@@ -312,7 +312,7 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 	if !SelinuxEnabled() {
 		return "", ""
 	}
-	lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot())
+	lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", GetSELinuxPolicyRoot())
 	in, err := os.Open(lxcPath)
 	if err != nil {
 		return "", ""