k3s/pkg/agent/containerd/selinux.go

package containerd

import (
	"github.com/opencontainers/selinux/go-selinux"
)

const (
	SELinuxContextType = "container_runtime_t"
)

func selinuxStatus() (bool, bool, error) {
	if !selinux.GetEnabled() {
		return false, false, nil
	}

	label, err := selinux.CurrentLabel()
	if err != nil {
		return true, false, err
	}

	ctx, err := selinux.NewContext(label)
	if err != nil {
		return true, false, err
	}

	return true, ctx["type"] == SELinuxContextType, nil
}
Support SELinux 2020-02-24 20:13:59 +00:00			`package containerd`

			`import (`
			`"github.com/opencontainers/selinux/go-selinux"`
			`)`

			`const (`
			`SELinuxContextType = "container_runtime_t"`
			`)`

Simplify SELinux detection and add --disable-selinux flag 2020-02-28 17:10:55 +00:00			`func selinuxStatus() (bool, bool, error) {`
Support SELinux 2020-02-24 20:13:59 +00:00			`if !selinux.GetEnabled() {`
Simplify SELinux detection and add --disable-selinux flag 2020-02-28 17:10:55 +00:00			`return false, false, nil`
Support SELinux 2020-02-24 20:13:59 +00:00			`}`

			`label, err := selinux.CurrentLabel()`
			`if err != nil {`
Simplify SELinux detection and add --disable-selinux flag 2020-02-28 17:10:55 +00:00			`return true, false, err`
Support SELinux 2020-02-24 20:13:59 +00:00			`}`

			`ctx, err := selinux.NewContext(label)`
			`if err != nil {`
Simplify SELinux detection and add --disable-selinux flag 2020-02-28 17:10:55 +00:00			`return true, false, err`
Support SELinux 2020-02-24 20:13:59 +00:00			`}`

Simplify SELinux detection and add --disable-selinux flag 2020-02-28 17:10:55 +00:00			`return true, ctx["type"] == SELinuxContextType, nil`
Support SELinux 2020-02-24 20:13:59 +00:00			`}`