github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

rkt: Fix incomplete selinux context string when the option is partial.

Browse Source 
Add Getfilecon() into the selinux interface.
This commit is contained in:
Yifan Gu
2016-06-06 16:23:16 -07:00
parent e49e367cd1
commit 8596d25ad5
6 changed files with 61 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
pkg/util/selinux/selinux.go
View File

@@ -16,12 +16,14 @@ limitations under the License.
package selinux
// chconRunner knows how to chcon a directory.
type ChconRunner interface {
// SelinuxContextRunner knows how to chcon of a directory and
// how to get the selinux context of a file.
type SelinuxContextRunner interface {
SetContext(dir, context string) error
Getfilecon(path string) (string, error)
}
// newChconRunner returns a new chconRunner.
func NewChconRunner() ChconRunner {
return &realChconRunner{}
// NewSelinuxContextRunner returns a new chconRunner.
func NewSelinuxContextRunner() SelinuxContextRunner {
return &realSelinuxContextRunner{}
}

13
pkg/util/selinux/selinux_linux.go
View File

@@ -19,12 +19,14 @@ limitations under the License.
package selinux
import (
"fmt"
"github.com/opencontainers/runc/libcontainer/selinux"
)
type realChconRunner struct{}
type realSelinuxContextRunner struct{}
func (_ *realChconRunner) SetContext(dir, context string) error {
func (_ *realSelinuxContextRunner) SetContext(dir, context string) error {
// If SELinux is not enabled, return an empty string
if !selinux.SelinuxEnabled() {
return nil
@@ -32,3 +34,10 @@ func (_ *realChconRunner) SetContext(dir, context string) error {
return selinux.Setfilecon(dir, context)
}
func (_ *realSelinuxContextRunner) Getfilecon(path string) (string, error) {
if !selinux.SelinuxEnabled() {
return "", fmt.Errorf("SELinux is not enabled")
}
return selinux.Getfilecon(path)
}

9
pkg/util/selinux/selinux_unsupported.go
View File

@@ -18,9 +18,14 @@ limitations under the License.
package selinux
type realChconRunner struct{}
type realSelinuxContextRunner struct{}
func (_ *realChconRunner) SetContext(dir, context string) error {
func (_ *realSelinuxContextRunner) SetContext(dir, context string) error {
// NOP
return nil
}
func (_ *realSelinuxContextRunner) Getfilecon(path string) (string, error) {
// NOP
return "", nil
}