github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/pkg/selinux/selinux.go

github.com/hanks177/podman/v4@v4.1.3-0.20220613032544-16d90015bc83/pkg/selinux/selinux.go (about)

     1  package selinux
     2  
     3  import (
     4  	"github.com/opencontainers/selinux/go-selinux"
     5  )
     6  
     7  // KVMLabel returns labels for running kvm isolated containers
     8  func KVMLabel(cLabel string) (string, error) {
     9  	if cLabel == "" {
    10  		// selinux is disabled
    11  		return "", nil
    12  	}
    13  	processLabel, _ := selinux.KVMContainerLabels()
    14  	selinux.ReleaseLabel(processLabel)
    15  	return swapSELinuxLabel(cLabel, processLabel)
    16  }
    17  
    18  // InitLabel returns labels for running systemd based containers
    19  func InitLabel(cLabel string) (string, error) {
    20  	if cLabel == "" {
    21  		// selinux is disabled
    22  		return "", nil
    23  	}
    24  	processLabel, _ := selinux.InitContainerLabels()
    25  	selinux.ReleaseLabel(processLabel)
    26  	return swapSELinuxLabel(cLabel, processLabel)
    27  }
    28  
    29  func swapSELinuxLabel(cLabel, processLabel string) (string, error) {
    30  	dcon, err := selinux.NewContext(cLabel)
    31  	if err != nil {
    32  		return "", err
    33  	}
    34  	scon, err := selinux.NewContext(processLabel)
    35  	if err != nil {
    36  		return "", err
    37  	}
    38  	dcon["type"] = scon["type"]
    39  	return dcon.Get(), nil
    40  }