// getRootDirContext gets the SELinux context of the kubelet rootDir // or returns an error. func (kl *Kubelet) getRootDirContext() (string, error) { // If SELinux is not enabled, return an empty string if !selinux.SelinuxEnabled() { return "", nil } // Get the SELinux context of the rootDir. return selinux.Getfilecon(kl.getRootDir()) }
func TestSetfilecon(t *testing.T) { if selinux.SelinuxEnabled() { tmp := "selinux_test" con := "system_u:object_r:bin_t:s0" out, _ := os.OpenFile(tmp, os.O_WRONLY|os.O_CREATE, 0) out.Close() err := selinux.Setfilecon(tmp, con) if err != nil { t.Log("Setfilecon failed") t.Fatal(err) } filecon, err := selinux.Getfilecon(tmp) if err != nil { t.Log("Getfilecon failed") t.Fatal(err) } if con != filecon { t.Fatal("Getfilecon failed, returned %s expected %s", filecon, con) } os.Remove(tmp) } }
func (_ *realSELinuxRunner) Getfilecon(path string) (string, error) { if !SELinuxEnabled() { return "", nil } return selinux.Getfilecon(path) }
func (_ *realSelinuxContextRunner) Getfilecon(path string) (string, error) { if !selinux.SelinuxEnabled() { return "", fmt.Errorf("SELinux is not enabled") } return selinux.Getfilecon(path) }
// GetFileLabel returns the label for specified path func GetFileLabel(path string) (string, error) { return selinux.Getfilecon(path) }