49 lines
1.3 KiB
Bash
Executable File
49 lines
1.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# Copyright The containerd Authors.
|
|
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
#
|
|
# set the desired SELinux mode via envvar
|
|
#
|
|
set -eux -o pipefail
|
|
|
|
if ! type -p getenforce setenforce &>/dev/null; then
|
|
echo SELinux is Disabled
|
|
exit 0
|
|
fi
|
|
|
|
case "${SELINUX}" in
|
|
Disabled)
|
|
if mountpoint -q /sys/fs/selinux; then
|
|
setenforce 0
|
|
umount -v /sys/fs/selinux
|
|
fi
|
|
;;
|
|
Enforcing)
|
|
mountpoint -q /sys/fs/selinux || mount -o rw,relatime -t selinuxfs selinuxfs /sys/fs/selinux
|
|
setenforce 1
|
|
;;
|
|
Permissive)
|
|
mountpoint -q /sys/fs/selinux || mount -o rw,relatime -t selinuxfs selinuxfs /sys/fs/selinux
|
|
setenforce 0
|
|
;;
|
|
*)
|
|
echo "SELinux mode not supported: ${SELINUX}" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
echo SELinux is "$(getenforce)"
|