Commit Graph

15 Commits

Author SHA1 Message Date
Dan Walsh 6932807107 Add support for r/o mount labels
We need support for read/only mounts in SELinux to allow a bunch of
containers to share the same read/only image.  In order to do this
we need a new label which allows container processes to read/execute
all files but not write them.

Existing mount label is either shared write or private write.  This
label is shared read/execute.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-10-17 16:56:42 -04:00
Bryan Boreham 4a87beb661 Use '=' instead of ':' separator on labels, which is now deprecated by Docker
Signed-off-by: Bryan Boreham <bjboreham@gmail.com>
2016-04-29 13:01:44 +01:00
Tatsushi Inagaki 78e1a4fc2e Selinux: reduce redundant parsing of mountinfo
Avoid parsing the whole lines of mountinfo after the mountpoint
is found.

Signed-off-by: Tatsushi Inagaki <e29253@jp.ibm.com>
2016-04-22 09:41:28 +09:00
Akihiro Suda 1829531241 Fix trivial style errors reported by `go vet` and `golint`
No substantial code change.
Note that some style errors reported by `golint` are not fixed due to possible compatibility issues.

Signed-off-by: Akihiro Suda <suda.kyoto@gmail.com>
2016-04-12 08:13:16 +00:00
Aleksa Sarai 6c59168557 Merge pull request #730 from rhatdan/getfilecon
Add label.GetFileLabel interface
2016-04-09 05:25:11 +00:00
Mrunal Patel b24892c6b3 Fix broken build due to missing import
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-04-08 16:35:20 -07:00
Mrunal Patel c6cfce304b Synchronize writes to mcs map
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2016-04-08 14:16:00 -07:00
Dan Walsh ff066b84ce Add label.GetFileLabel interface
One of our volume plugins needs to get the label of the target mount point
so that it can set the content inside of the volume to match.

We need label.GetFileLabel() to make this work.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2016-04-08 13:10:37 -04:00
rajasec 039d25c341 Added error check in Getfilecon
Signed-off-by: rajasec <rajasec79@gmail.com>

Fixed review comments

Signed-off-by: rajasec <rajasec79@gmail.com>

Fixed review comments for adding length check

Signed-off-by: rajasec <rajasec79@gmail.com>

Fixed review comment

Signed-off-by: rajasec <rajasec79@gmail.com>
2016-02-24 17:37:28 +05:30
Alexander Morozov 6c9532f063 Merge pull request #461 from ahmetalpbalkan/selinux-setenforce
selinux: add SelinuxSetEnforceMode implementation
2016-01-15 13:01:27 -08:00
Ahmet Alp Balkan c8b5e150f1 selinux: add SelinuxSetEnforceMode implementation
Signed-off-by: Ahmet Alp Balkan <ahmetalpbalkan@gmail.com>
2016-01-08 16:48:30 +00:00
rajasec a6614ba40f Fixing TestSetFilecon in selinux test step
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-11-28 13:51:46 +05:30
rajasec 9f4d5340f4 Adding selinux label
Signed-off-by: rajasec <rajasec79@gmail.com>
2015-11-26 19:44:51 +05:30
Michael Crosby 080df7ab88 Update import paths for new repository
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:59 -07:00
Michael Crosby 8f97d39dd2 Move libcontainer into subdirectory
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2015-06-21 19:29:15 -07:00