Merge pull request #6372 from fidencio/wip/seutil-fix-container_kvm_t-type-detection

seutil: Fix setting the "container_kvm_t" label
2021-12-15 10:35:04 -08:00
parent 3c3486f91b f1c7993311
commit 2c9d80aba5
2 changed files with 1 additions and 38 deletions
--- a/pkg/cri/server/helpers_linux.go
+++ b/pkg/cri/server/helpers_linux.go
@@ -269,17 +269,10 @@ func modifyProcessLabel(runtimeType string, spec *specs.Spec) error {
 	if !isVMBasedRuntime(runtimeType) {
 		return nil
 	}
-	l, err := getKVMLabel(spec.Process.SelinuxLabel)
+	l, err := seutil.ChangeToKVM(spec.Process.SelinuxLabel)
 	if err != nil {
 		return errors.Wrap(err, "failed to get selinux kvm label")
 	}
 	spec.Process.SelinuxLabel = l
 	return nil
 }
-
-func getKVMLabel(l string) (string, error) {
-	if !seutil.HasType("container_kvm_t") {
-		return "", nil
-	}
-	return seutil.ChangeToKVM(l)
-}
--- a/pkg/seutil/seutil.go
+++ b/pkg/seutil/seutil.go
@@ -17,39 +17,9 @@
 package seutil

 import (
-	"bufio"
-	"os"
-
 	"github.com/opencontainers/selinux/go-selinux"
 )

-var seTypes map[string]struct{}
-
-const typePath = "/etc/selinux/targeted/contexts/customizable_types"
-
-func init() {
-	seTypes = make(map[string]struct{})
-	if !selinux.GetEnabled() {
-		return
-	}
-	f, err := os.Open(typePath)
-	if err != nil {
-		return
-	}
-	defer f.Close()
-	s := bufio.NewScanner(f)
-	for s.Scan() {
-		seTypes[s.Text()] = struct{}{}
-	}
-}
-
-// HasType returns true if the underlying system has the
-// provided selinux type enabled.
-func HasType(name string) bool {
-	_, ok := seTypes[name]
-	return ok
-}
-
 // ChangeToKVM process label
 func ChangeToKVM(l string) (string, error) {
 	if l == "" || !selinux.GetEnabled() {