Beispiel #1
0
// getRootDirContext gets the SELinux context of the kubelet rootDir
// or returns an error.
func (kl *Kubelet) getRootDirContext() (string, error) {
	// If SELinux is not enabled, return an empty string
	if !selinux.SelinuxEnabled() {
		return "", nil
	}

	// Get the SELinux context of the rootDir.
	return selinux.Getfilecon(kl.getRootDir())
}
Beispiel #2
0
func TestSetfilecon(t *testing.T) {
	if selinux.SelinuxEnabled() {
		tmp := "selinux_test"
		con := "system_u:object_r:bin_t:s0"
		out, _ := os.OpenFile(tmp, os.O_WRONLY|os.O_CREATE, 0)
		out.Close()
		err := selinux.Setfilecon(tmp, con)
		if err != nil {
			t.Log("Setfilecon failed")
			t.Fatal(err)
		}
		filecon, err := selinux.Getfilecon(tmp)
		if err != nil {
			t.Log("Getfilecon failed")
			t.Fatal(err)
		}
		if con != filecon {
			t.Fatal("Getfilecon failed, returned %s expected %s", filecon, con)
		}

		os.Remove(tmp)
	}
}
func (_ *realSELinuxRunner) Getfilecon(path string) (string, error) {
	if !SELinuxEnabled() {
		return "", nil
	}
	return selinux.Getfilecon(path)
}
Beispiel #4
0
func (_ *realSelinuxContextRunner) Getfilecon(path string) (string, error) {
	if !selinux.SelinuxEnabled() {
		return "", fmt.Errorf("SELinux is not enabled")
	}
	return selinux.Getfilecon(path)
}
Beispiel #5
0
// GetFileLabel returns the label for specified path
func GetFileLabel(path string) (string, error) {
	return selinux.Getfilecon(path)
}