label_selinux.go 1.5 KB

  1. // +build selinux,linux
  2. package label
  3. import (
  4. "fmt"
  5. "github.com/dotcloud/docker/pkg/selinux"
  6. "strings"
  7. )
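  // GenLabels returns the SELinux process label and mount label to use for a
  // new container. When SELinux is disabled it returns two empty labels and a
  // nil error.
  //
  // options is a whitespace-separated list of key=value overrides that are
  // written into the process context returned by selinux.GetLxcContexts. When
  // at least one override is given, the mount label is recomputed with
  // selinux.CopyLevel so that it follows the resulting process label.
  //
  // A token that is not exactly one non-empty key and one value separated by a
  // single "=" is rejected with an error. Indexing the split result without
  // this check panics on a token that has no "=", and options may be supplied
  // by the caller's user.
  func GenLabels(options string) (string, string, error) {
  	if !selinux.SelinuxEnabled() {
  		return "", "", nil
  	}

  	processLabel, mountLabel := selinux.GetLxcContexts()
  	if processLabel == "" {
  		// No base context to modify; overrides are ignored in this case.
  		return processLabel, mountLabel, nil
  	}

  	fields := strings.Fields(options)
  	if len(fields) == 0 {
  		return processLabel, mountLabel, nil
  	}

  	pcon := selinux.NewContext(processLabel)
  	for _, field := range fields {
  		kv := strings.Split(field, "=")
  		if len(kv) != 2 || kv[0] == "" {
  			// Fail closed: never build a label from a partially parsed option.
  			return "", "", fmt.Errorf("bad SELinux label option %q", field)
  		}
  		// NOTE(review): keys are not checked against the set of context
  		// fields here; confirm how selinux.Context treats unknown keys.
  		pcon[kv[0]] = kv[1]
  	}

  	processLabel = pcon.Get()
  	// As before, the labels are returned alongside any CopyLevel error;
  	// callers must check err before using them.
  	mountLabel, err := selinux.CopyLevel(processLabel, mountLabel)
  	return processLabel, mountLabel, err
  }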
  // FormatMountLabel appends a context=<label> entry to the mount option
  // string src and returns the result. An empty mountLabel leaves src
  // unchanged.
  //
  // The label is written with %q, so it is wrapped in double quotes; this
  // keeps a label that itself contains commas together as one option value
  // in the comma-separated option list.
  func FormatMountLabel(src, mountLabel string) string {
  	if mountLabel == "" {
  		return src
  	}
  	if src == "" {
  		return fmt.Sprintf("context=%q", mountLabel)
  	}
  	return fmt.Sprintf("%s,context=%q", src, mountLabel)
  }
  // SetProcessLabel passes processLabel to selinux.Setexeccon and returns its
  // error.
  //
  // When SELinux is disabled this is a no-op that returns nil, so a nil
  // result alone does not tell the caller that a label was applied.
  func SetProcessLabel(processLabel string) error {
  	if !selinux.SelinuxEnabled() {
  		return nil
  	}
  	return selinux.Setexeccon(processLabel)
  }
  // GetProcessLabel returns the result of selinux.Getexeccon. When SELinux is
  // disabled it returns an empty label and a nil error.
  func GetProcessLabel() (string, error) {
  	if !selinux.SelinuxEnabled() {
  		return "", nil
  	}
  	return selinux.Getexeccon()
  }
  // SetFileLabel applies fileLabel to path through selinux.Setfilecon and
  // returns its error.
  //
  // Nothing is done, and nil is returned, when SELinux is disabled or when
  // fileLabel is empty; in both cases the existing label on path is left as
  // it is.
  func SetFileLabel(path string, fileLabel string) error {
  	if !selinux.SelinuxEnabled() || fileLabel == "" {
  		return nil
  	}
  	return selinux.Setfilecon(path, fileLabel)
  }
  // GetPidCon returns the result of selinux.Getpidcon for the process pid.
  // When SELinux is disabled it returns an empty label and a nil error.
  func GetPidCon(pid int) (string, error) {
  	if selinux.SelinuxEnabled() {
  		return selinux.Getpidcon(pid)
  	}
  	return "", nil
  }
  // Init calls selinux.SelinuxEnabled once and discards the result.
  // NOTE(review): presumably this primes state inside the selinux package
  // ahead of later calls; confirm against that package.
  func Init() {
  	_ = selinux.SelinuxEnabled()
  }
  // ReserveLabel forwards label to selinux.ReserveLabel. Unlike the other
  // wrappers in this file it does not check whether SELinux is enabled first.
  // NOTE(review): presumably this marks the label's level as in use so it is
  // not handed out again; confirm against the selinux package.
  func ReserveLabel(label string) {
  	selinux.ReserveLabel(label)
  }