package main
import (
"bytes"
"fmt"
"io/ioutil"
"github.com/opencontainers/selinux/go-selinux"
"github.com/spf13/cobra"
)
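// NewGetEnforceCommand returns the "getenforce" subcommand, which prints the
// SELinux mode of the running kernel to stdout as one of "enforcing",
// "permissive" or "disabled".
//
// The mode is read from /sys/fs/selinux/enforce. Any failure to read that file
// (not only its absence) is reported as "disabled", and the command itself
// never returns an error. A caller that gates a security decision on the
// output therefore cannot tell "SELinux is off" apart from "the file could not
// be read".
func NewGetEnforceCommand() *cobra.Command {
	return &cobra.Command{
		Use:   "getenforce",
		Short: "determine if selinux is present",
		Args:  cobra.ExactArgs(0),
		RunE: func(cmd *cobra.Command, args []string) error {
			enforcing, err := ioutil.ReadFile("/sys/fs/selinux/enforce")
			switch {
			case err != nil:
				// Best effort: an unreadable or missing selinuxfs node is
				// treated as SELinux being disabled.
				fmt.Println("disabled")
			case bytes.Equal(bytes.TrimSpace(enforcing), []byte("1")):
				// Trim surrounding whitespace so that a trailing newline does
				// not cause an enforcing host to be reported as permissive.
				fmt.Println("enforcing")
			default:
				fmt.Println("permissive")
			}
			return nil
		},
	}
}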
// RelabelCommand returns the "relabel" subcommand. It takes exactly two
// arguments, <new-label> and <file-path>, and changes the SELinux label of the
// file only when its current label differs from the requested one.
//
// NOTE(review): the path is looked up by name twice (selinux.FileLabel, then
// selinux.Chcon) and neither argument is validated here. If file-path lives
// somewhere a less-privileged party can write, the object behind the name may
// differ between the two calls or resolve through a symlink -- confirm that
// callers only pass trusted paths.
func RelabelCommand() *cobra.Command {
	relabel := func(cmd *cobra.Command, args []string) error {
		wantLabel, target := args[0], args[1]

		haveLabel, err := selinux.FileLabel(target)
		if err != nil {
			return fmt.Errorf("could not retrieve label of file %s. Reason: %v", target, err)
		}

		// Already labeled as requested: leave the file untouched.
		if haveLabel == wantLabel {
			return nil
		}

		// The final argument disables recursion, so only target itself is relabeled.
		if err := selinux.Chcon(target, wantLabel, false); err != nil {
			return fmt.Errorf("error relabeling file %s with label %s. Reason: %v", target, wantLabel, err)
		}
		return nil
	}

	return &cobra.Command{
		Use:       "relabel",
		Short:     "relabel a file with the given selinux label, if the path is not labeled like this already",
		Example:   "virt-chroot selinux relabel <new-label> <file-path>",
		ValidArgs: nil,
		Args:      cobra.ExactArgs(2),
		RunE:      relabel,
	}
}