mirror of
				https://github.com/containers/podman.git
				synced 2025-10-26 02:35:43 +08:00 
			
		
		
		
	 995cd97c10
			
		
	
	995cd97c10
	
	
	
		
			
			Since functions are now in an selinux subpackage, they should not start with SELinux Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
		
			
				
	
	
		
			41 lines
		
	
	
		
			985 B
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			41 lines
		
	
	
		
			985 B
		
	
	
	
		
			Go
		
	
	
	
	
	
| package selinux
 | |
| 
 | |
| import (
 | |
| 	"github.com/opencontainers/selinux/go-selinux"
 | |
| )
 | |
| 
 | |
| // KVMLabel returns labels for running kvm isolated containers
 | |
| func KVMLabel(cLabel string) (string, error) {
 | |
| 	if cLabel == "" {
 | |
| 		// selinux is disabled
 | |
| 		return "", nil
 | |
| 	}
 | |
| 	processLabel, _ := selinux.KVMContainerLabels()
 | |
| 	selinux.ReleaseLabel(processLabel)
 | |
| 	return swapSELinuxLabel(cLabel, processLabel)
 | |
| }
 | |
| 
 | |
| // InitLabel returns labels for running systemd based containers
 | |
| func InitLabel(cLabel string) (string, error) {
 | |
| 	if cLabel == "" {
 | |
| 		// selinux is disabled
 | |
| 		return "", nil
 | |
| 	}
 | |
| 	processLabel, _ := selinux.InitContainerLabels()
 | |
| 	selinux.ReleaseLabel(processLabel)
 | |
| 	return swapSELinuxLabel(cLabel, processLabel)
 | |
| }
 | |
| 
 | |
| func swapSELinuxLabel(cLabel, processLabel string) (string, error) {
 | |
| 	dcon, err := selinux.NewContext(cLabel)
 | |
| 	if err != nil {
 | |
| 		return "", err
 | |
| 	}
 | |
| 	scon, err := selinux.NewContext(processLabel)
 | |
| 	if err != nil {
 | |
| 		return "", err
 | |
| 	}
 | |
| 	dcon["type"] = scon["type"]
 | |
| 	return dcon.Get(), nil
 | |
| }
 |