podman

1
//go:build linux
2
// +build linux
3

4
package chroot
5

6
import (
7
	"fmt"
8

9
	"github.com/opencontainers/runtime-spec/specs-go"
10
	selinux "github.com/opencontainers/selinux/go-selinux"
11
	"github.com/opencontainers/selinux/go-selinux/label"
12
	"github.com/sirupsen/logrus"
13
)
14

15
// setSelinuxLabel sets the process label for child processes that we'll start.
16
func setSelinuxLabel(spec *specs.Spec) error {
17
	logrus.Debugf("setting selinux label")
18
	if spec.Process.SelinuxLabel != "" && selinux.GetEnabled() {
19
		if err := label.SetProcessLabel(spec.Process.SelinuxLabel); err != nil {
20
			return fmt.Errorf("setting process label to %q: %w", spec.Process.SelinuxLabel, err)
21
		}
22
	}
23
	return nil
24
}
25