label_linux.go
package server
import (
"errors"
"fmt"
selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
)
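// securityLabel applies the SELinux label secLabel to path through
// label.Relabel, passing shared through unchanged.
//
// When maybeRelabel is true, the relabel is skipped if the label currently set
// on path already equals the canonical form of secLabel. Only path itself is
// inspected (one label.FileLabel call); nothing below it is checked, so the
// shortcut relies on the rest of the volume carrying the same label as its top
// level. If canonicalization or the label lookup fails, the function falls
// back to relabeling instead of skipping.
//
// unix.ENOTSUP from label.Relabel is not treated as a failure: nil is returned
// even though the requested label may not have been applied. Any other error
// is wrapped and returned.
func securityLabel(path, secLabel string, shared, maybeRelabel bool) error {
	if maybeRelabel {
		canonicalSecLabel, err := selinux.CanonicalizeContext(secLabel)
		if err != nil {
			logrus.Errorf("Canonicalize label failed %s: %v", secLabel, err)
		} else {
			currentLabel, err := label.FileLabel(path)
			switch {
			case err != nil:
				// The current label is unknown, so the skip cannot be
				// justified; record why and fall through to a relabel.
				logrus.Debugf("Reading label of %s failed, not skipping relabel: %v", path, err)
			case currentLabel == canonicalSecLabel:
				logrus.Debugf(
					"Skipping relabel for %s, as TrySkipVolumeSELinuxLabel is true and the label of the top level of the volume is already correct",
					path)
				return nil
			}
		}
	}

	err := label.Relabel(path, secLabel, shared)
	switch {
	case err == nil:
		return nil
	case errors.Is(err, unix.ENOTSUP):
		// Still reported as success to the caller, but leave a trace so a
		// path that was never relabeled can be found in the logs.
		logrus.Debugf("Ignoring unsupported relabel of %s: %v", path, err)
		return nil
	default:
		return fmt.Errorf("relabel failed %s: %w", path, err)
	}
}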