Dan Walsh
6932807107
Add support for r/o mount labels
We need support for read/only mounts in SELinux to allow a bunch of
containers to share the same read/only image. In order to do this
we need a new label which allows container processes to read/execute
all files but not write them.
Existing mount label is either shared write or private write. This
label is shared read/execute.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-17 16:56:42 -04:00
Bryan Boreham
4a87beb661
Use '=' instead of ':' separator on labels, which is now deprecated by Docker
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2016-04-29 13:01:44 +01:00
Tatsushi Inagaki
78e1a4fc2e
Selinux: reduce redundant parsing of mountinfo
Avoid parsing the whole lines of mountinfo after the mountpoint
is found.
Signed-off-by: Tatsushi Inagaki <e29253@jp.ibm.com>
2016-04-22 09:41:28 +09:00
Akihiro Suda
1829531241
Fix trivial style errors reported by `go vet` and `golint`
No substantial code change.
Note that some style errors reported by `golint` are not fixed due to possible compatibility issues.
Signed-off-by: Akihiro Suda <suda.kyoto@gmail.com>
2016-04-12 08:13:16 +00:00
Aleksa Sarai
6c59168557
Merge pull request #730 from rhatdan/getfilecon
Add label.GetFileLabel interface
2016-04-09 05:25:11 +00:00
Mrunal Patel
b24892c6b3
Fix broken build due to missing import
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-04-08 16:35:20 -07:00
Mrunal Patel
c6cfce304b
Synchronize writes to mcs map
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-04-08 14:16:00 -07:00
Dan Walsh
ff066b84ce
Add label.GetFileLabel interface
One of our volume plugins needs to get the label of the target mount point
so that it can set the content inside of the volume to match.
We need label.GetFileLabel() to make this work.
Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-04-08 13:10:37 -04:00
rajasec
039d25c341
Added error check in Getfilecon
Signed-off-by: rajasec <rajasec79@gmail.com>
Fixed review comments
Signed-off-by: rajasec <rajasec79@gmail.com>
Fixed review comments for adding length check
Signed-off-by: rajasec <rajasec79@gmail.com>
Fixed review comment
Signed-off-by: rajasec <rajasec79@gmail.com>
2016-02-24 17:37:28 +05:30
Alexander Morozov
6c9532f063
Merge pull request #461 from ahmetalpbalkan/selinux-setenforce
selinux: add SelinuxSetEnforceMode implementation
2016-01-15 13:01:27 -08:00
Ahmet Alp Balkan
c8b5e150f1
selinux: add SelinuxSetEnforceMode implementation
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2016-01-08 16:48:30 +00:00
rajasec
a6614ba40f
Fixing TestSetFilecon in selinux test step
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-11-28 13:51:46 +05:30
rajasec
9f4d5340f4
Adding selinux label
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-11-26 19:44:51 +05:30
Michael Crosby
080df7ab88
Update import paths for new repository
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:59 -07:00
Michael Crosby
8f97d39dd2
Move libcontainer into subdirectory
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:15 -07:00