virt-chroot: use sysfs node for getenforce instead of less-reliable g…
…o-selinux

Signed-off-by: Jed Lejosne <[email protected]>
jean-edouard committed Sep 11, 2020
1 parent 6e5513c commit cc1b84f
Showing 1 changed file with 8 additions and 10 deletions.
18 changes: 8 additions & 10 deletions cmd/virt-chroot/selinux.go
@@ -1,7 +1,9 @@
package main

import (
"bytes"
"fmt"
"io/ioutil"

"github.com/opencontainers/selinux/go-selinux"
"github.com/spf13/cobra"
@@ -14,17 +16,13 @@ func NewGetEnforceCommand() *cobra.Command {
Short: "determine if selinux is present",
Args: cobra.ExactArgs(0),
RunE: func(cmd *cobra.Command, args []string) error {
if selinux.GetEnabled() {
mode := selinux.EnforceMode()
if mode == selinux.Enforcing {
fmt.Println("enforcing")
} else if mode == selinux.Permissive {
fmt.Println("permissive")
} else {
fmt.Println("disabled")
}
} else {
enforcing, err := ioutil.ReadFile("/sys/fs/selinux/enforce")
if err != nil {
fmt.Println("disabled")
} else if bytes.Compare(enforcing, []byte("1")) == 0 {
fmt.Println("enforcing")
} else {
fmt.Println("permissive")
}
return nil
},
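Review bot: In the RunE closure, every failure of `ioutil.ReadFile("/sys/fs/selinux/enforce")` prints "disabled", and any content other than the exact byte `1` prints "permissive", so a permission or I/O error on an enforcing host is reported as SELinux being off. The callers are not visible here, but if they use this output to decide whether to apply SELinux labels, that is a fail-open result. I would print "disabled" only for `os.IsNotExist(err)`, return other read errors, and match the trimmed value against "1" and "0" explicitly. That also replaces `bytes.Compare(...) == 0` with a plain comparison, and it needs `os` added to the import block. NewGetEnforceCommand starts and continues outside the hunk.

```go
// … unchanged: command definition (Short, Args) …
		RunE: func(cmd *cobra.Command, args []string) error {
			enforcing, err := ioutil.ReadFile("/sys/fs/selinux/enforce")
			if os.IsNotExist(err) {
				// selinuxfs node is missing: SELinux is absent or disabled.
				fmt.Println("disabled")
				return nil
			}
			if err != nil {
				// Do not report "disabled" when the state could not be read.
				return fmt.Errorf("reading selinux enforce node: %w", err)
			}
			switch string(bytes.TrimSpace(enforcing)) {
			case "1":
				fmt.Println("enforcing")
			case "0":
				fmt.Println("permissive")
			default:
				return fmt.Errorf("unexpected selinux enforce value %q", enforcing)
			}
			return nil
		},
```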