kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Remove and unexport selinux functions

Browse source 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-04-07 14:59:44 -07:00
parent 82f37b874e
commit 028d44d126
2 changed files with 9 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

25
pkg/selinux/selinux.go
View file

@ -44,7 +44,7 @@ func SetDisabled() {
selinuxEnabled, selinuxEnabledChecked = false, true
}
func GetSelinuxMountPoint() string {
func getSelinuxMountPoint() string {
if selinuxfs != "unknown" {
return selinuxfs
}
@ -75,15 +75,15 @@ func SelinuxEnabled() bool {
return selinuxEnabled
}
selinuxEnabledChecked = true
if fs := GetSelinuxMountPoint(); fs != "" {
if con, _ := Getcon(); con != "kernel" {
if fs := getSelinuxMountPoint(); fs != "" {
if con, _ := getcon(); con != "kernel" {
selinuxEnabled = true
}
}
return selinuxEnabled
}
func ReadConfig(target string) (value string) {
func readConfig(target string) (value string) {
var (
val, key string
bufin *bufio.Reader
@ -124,8 +124,8 @@ func ReadConfig(target string) (value string) {
return ""
}
func GetSELinuxPolicyRoot() string {
return selinuxDir + ReadConfig(selinuxTypeTag)
func getSELinuxPolicyRoot() string {
return selinuxDir + readConfig(selinuxTypeTag)
}
func readCon(name string) (string, error) {
@ -153,7 +153,7 @@ func Getfscreatecon() (string, error) {
return readCon("/proc/self/attr/fscreate")
}
func Getcon() (string, error) {
func getcon() (string, error) {
return readCon("/proc/self/attr/current")
}
@ -220,7 +220,7 @@ func SelinuxGetEnforce() int {
}
func SelinuxGetEnforceMode() int {
switch ReadConfig(selinuxTag) {
switch readConfig(selinuxTag) {
case "enforcing":
return Enforcing
case "permissive":
@ -292,13 +292,6 @@ func uniqMcs(catRange uint32) string {
return mcs
}
func FreeContext(con string) {
if con != "" {
scon := NewContext(con)
mcsDelete(scon["level"])
}
}
func GetLxcContexts() (processLabel string, fileLabel string) {
var (
val, key string
@ -308,7 +301,7 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
if !SelinuxEnabled() {
return "", ""
}
lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", GetSELinuxPolicyRoot())
lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", getSELinuxPolicyRoot())
in, err := os.Open(lxcPath)
if err != nil {
return "", ""

2
pkg/selinux/selinux_test.go
View file

@ -38,7 +38,6 @@ func TestSELinux(t *testing.T) {
t.Log("getenforcemode ", selinux.SelinuxGetEnforceMode())
pid := os.Getpid()
t.Log("PID:%d MCS:%s\n", pid, selinux.IntToMcs(pid, 1023))
t.Log(selinux.Getcon())
err = selinux.Setfscreatecon("unconfined_u:unconfined_r:unconfined_t:s0")
if err == nil {
t.Log(selinux.Getfscreatecon())
@ -54,7 +53,6 @@ func TestSELinux(t *testing.T) {
t.Fatal(err)
}
t.Log(selinux.Getpidcon(1))
t.Log(selinux.GetSelinuxMountPoint())
} else {
t.Log("Disabled")
}