Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add interface to determine if selinux is enabled on the host. #20

Closed
wants to merge 1 commit into from
Closed

Add interface to determine if selinux is enabled on the host. #20

wants to merge 1 commit into from

Conversation

rhatdan
Copy link
Collaborator

@rhatdan rhatdan commented Oct 26, 2017

This will allow container runtimes to differentiate whether SELinux is disabled
for the runtime versus disabled for the host system.

Signed-off-by: Daniel J Walsh dwalsh@redhat.com

@rhatdan rhatdan mentioned this pull request Oct 26, 2017
Closed
runcom
runcom reviewed Oct 26, 2017
View reviewed changes
go-selinux/label/label_selinux_test.go Outdated
testUser := []string{"user:user_u", "role:user_r", "type:user_t", "level:s0:c1,c15"}
plabel, mlabel, err = InitLabels(testUser)
if err != nil {
t.Log("InitLabels User Failed")
t.Fatal(err)
}
if plabel != "user_u:user_r:user_t:s0:c1,c15" || (mlabel != "user_u:object_r:container_file_t:s0:c1,c15" && mlabel != "user_u:object_r:svirt_sandbox_file_t:s0:c1,c15") {
t.Log("InitLabels User Match Failed")
t.Log("InitLabels User Match Failed", plabel, mlabel)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

you need Logf("InitLabels User Match Failed %s, %s", plabel, mlabel)

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@runcom
Copy link
Member

runcom commented Oct 26, 2017

👍

@rhatdan
Copy link
Collaborator Author

rhatdan commented Oct 26, 2017

Hold off on merging this, I am worried about another potential issue.

@rhatdan
Copy link
Collaborator Author

rhatdan commented Oct 26, 2017

Ok I fixed the issue, that I had added. Now a disabled container, does not disable all containers. :^(

@rhatdan
Add interface to determine if selinux is enabled on the host.
b73834c 
This will allow container runtimes to differentiate whether SELinux is disabled
for the runtime versus disabled for the host system.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
@kolyshkin kolyshkin mentioned this pull request Mar 30, 2018
Closed
@thaJeztah
Copy link
Member

@rhatdan this still something you needed? If so, looks like this needs a rebase 😅

@rhatdan
Copy link
Collaborator Author

rhatdan commented Mar 9, 2020

@thaJeztah it is so old, now that I think I will just close it,

@rhatdan rhatdan closed this Mar 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@runcom runcom runcom left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@rhatdan @runcom @thaJeztah