jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add call to label to allow it to tell kernel how to label created files 

SELinux supports a call that tells the kernel, from this point onward
create content with this label.  If you pass "", the kernel will
go back to the default.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This commit is contained in:
Dan Walsh 2014-11-20 17:26:43 -05:00
parent 84c1636580
commit dd89eb9eca
2 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
label/label.go
View File

@ -25,6 +25,10 @@ func SetFileLabel(path string, fileLabel string) error {
return nil return nil
} }
func SetFileCreateLabel(fileLabel string) error {
return nil
}
func Relabel(path string, fileLabel string, relabel string) error { func Relabel(path string, fileLabel string, relabel string) error {
return nil return nil
} }

8
label/label_selinux.go
View File

@ -87,6 +87,14 @@ func SetFileLabel(path string, fileLabel string) error {
return nil return nil
} }
// Tell the kernel the label for all files to be created
func SetFileCreateLabel(fileLabel string) error {
if selinux.SelinuxEnabled() {
return selinux.Setfscreatecon(fileLabel)
}
return nil
}
// Change the label of path to the filelabel string. If the relabel string // Change the label of path to the filelabel string. If the relabel string
// is "z", relabel will change the MCS label to s0. This will allow all // is "z", relabel will change the MCS label to s0. This will allow all
// containers to share the content. If the relabel string is a "Z" then // containers to share the content. If the relabel string is a "Z" then