github.com/containerd/Containerd@v1.4.13/script/setup/config-selinux

github.com/containerd/Containerd@v1.4.13/script/setup/config-selinux (about)

     1  #!/usr/bin/env bash
     2  
     3  #   Copyright The containerd Authors.
     4  
     5  #   Licensed under the Apache License, Version 2.0 (the "License");
     6  #   you may not use this file except in compliance with the License.
     7  #   You may obtain a copy of the License at
     8  
     9  #       http://www.apache.org/licenses/LICENSE-2.0
    10  
    11  #   Unless required by applicable law or agreed to in writing, software
    12  #   distributed under the License is distributed on an "AS IS" BASIS,
    13  #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    14  #   See the License for the specific language governing permissions and
    15  #   limitations under the License.
    16  
    17  #
    18  # set the desired SELinux mode via envvar
    19  #
    20  set -eux -o pipefail
    21  
    22  if ! type -p getenforce setenforce &>/dev/null; then
    23    echo SELinux is Disabled
    24    exit 0
    25  fi
    26  
    27  case "${SELINUX}" in
    28    Disabled)
    29      if mountpoint -q /sys/fs/selinux; then
    30        setenforce 0
    31        umount -v /sys/fs/selinux
    32      fi
    33      ;;
    34    Enforcing)
    35      mountpoint -q /sys/fs/selinux || mount -o rw,relatime -t selinuxfs selinuxfs /sys/fs/selinux
    36      setenforce 1
    37      ;;
    38    Permissive)
    39      mountpoint -q /sys/fs/selinux || mount -o rw,relatime -t selinuxfs selinuxfs /sys/fs/selinux
    40      setenforce 0
    41      ;;
    42    *)
    43      echo "SELinux mode not supported: ${SELINUX}" >&2
    44      exit 1
    45      ;;
    46  esac
    47  
    48  echo SELinux is $(getenforce)