Remove hard coding of SELinux labels on systems without proper selinux policy.

If a system is configured for SELinux but its policy does not know about
docker or containers, then we want the transitions of the policy to work.
Hard coding the labels causes docker to break on older Fedora and RHEL systems.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Dan Walsh 2014-04-01 09:24:24 -04:00
parent 74349e02c6
commit cecd7a37bf


@ -313,12 +313,9 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
return "", "" return "", ""
} }
lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot()) lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot())
fileLabel = "system_u:object_r:svirt_sandbox_file_t:s0"
processLabel = "system_u:system_r:svirt_lxc_net_t:s0"
in, err := os.Open(lxcPath) in, err := os.Open(lxcPath)
if err != nil { if err != nil {
goto exit return "", ""
} }
defer in.Close() defer in.Close()
@ -352,6 +349,11 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
} }
} }
} }
if processLabel == "" || fileLabel == "" {
return "", ""
}
exit: exit:
mcs := IntToMcs(os.Getpid(), 1024) mcs := IntToMcs(os.Getpid(), 1024)
scon := NewContext(processLabel) scon := NewContext(processLabel)
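Review bot: The new `if processLabel == "" || fileLabel == ""` check sits above the `exit:` label, so any path that still does `goto exit` skips it and reaches `NewContext(processLabel)` with labels that may be empty or only half populated. The label is kept and Go rejects an unused label, so at least one such jump presumably remains in the part of GetLxcContexts outside these hunks (the function body starts and ends outside them). Either move the check below `exit:`, or replace the remaining jump with `return "", ""` and drop the label. Because an empty return on an SELinux-enabled host presumably leaves the container without a dedicated process and file type, the function also deserves a doc comment such as `// GetLxcContexts returns "", "" when lxc_contexts is missing or lacks either label; callers must treat that as "no label".`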