k3s/pkg/agent/containerd/selinux.go

package containerd

import (
	"github.com/opencontainers/selinux/go-selinux"
)

const (
	SELinuxContextType = "container_runtime_t"
)

func selinuxEnabled() (bool, error) {
	if !selinux.GetEnabled() {
		return false, nil
	}

	label, err := selinux.CurrentLabel()
	if err != nil {
		return false, err
	}

	ctx, err := selinux.NewContext(label)
	if err != nil {
		return false, err
	}

	return ctx["type"] == SELinuxContextType, nil
}
Support SELinux 2020-02-24 20:13:59 +00:00			`package containerd`

			`import (`
			`"github.com/opencontainers/selinux/go-selinux"`
			`)`

			`const (`
			`SELinuxContextType = "container_runtime_t"`
			`)`

			`func selinuxEnabled() (bool, error) {`
			`if !selinux.GetEnabled() {`
			`return false, nil`
			`}`

			`label, err := selinux.CurrentLabel()`
			`if err != nil {`
			`return false, err`
			`}`

			`ctx, err := selinux.NewContext(label)`
			`if err != nil {`
			`return false, err`
			`}`

			`return ctx["type"] == SELinuxContextType, nil`
			`}`