podman

1
package selinux
2

3
import (
4
	"github.com/opencontainers/selinux/go-selinux"
5
)
6

7
// KVMLabel returns labels for running kvm isolated containers
8
func KVMLabel(cLabel string) (string, error) {
9
	if cLabel == "" {
10
		// selinux is disabled
11
		return "", nil
12
	}
13
	processLabel, _ := selinux.KVMContainerLabels()
14
	selinux.ReleaseLabel(processLabel)
15
	return swapSELinuxLabel(cLabel, processLabel)
16
}
17

18
// InitLabel returns labels for running systemd based containers
19
func InitLabel(cLabel string) (string, error) {
20
	if cLabel == "" {
21
		// selinux is disabled
22
		return "", nil
23
	}
24
	processLabel, _ := selinux.InitContainerLabels()
25
	selinux.ReleaseLabel(processLabel)
26
	return swapSELinuxLabel(cLabel, processLabel)
27
}
28

29
func swapSELinuxLabel(cLabel, processLabel string) (string, error) {
30
	dcon, err := selinux.NewContext(cLabel)
31
	if err != nil {
32
		return "", err
33
	}
34
	scon, err := selinux.NewContext(processLabel)
35
	if err != nil {
36
		return "", err
37
	}
38
	dcon["type"] = scon["type"]
39
	return dcon.Get(), nil
40
}
41