Merge pull request docker-archive#275 from rhatdan/selinux

Add call to label to allow it to tell kernel how to label created files
krivenok · Nov 20, 2014 · a943fba · a943fba
2 parents 84c1636 + dd89eb9
commit a943fba
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/label/label.go b/label/label.go
@@ -25,6 +25,10 @@ func SetFileLabel(path string, fileLabel string) error {
 	return nil
 }
 
+func SetFileCreateLabel(fileLabel string) error {
+	return nil
+}
+
 func Relabel(path string, fileLabel string, relabel string) error {
 	return nil
 }

diff --git a/label/label_selinux.go b/label/label_selinux.go
@@ -87,6 +87,14 @@ func SetFileLabel(path string, fileLabel string) error {
 	return nil
 }
 
+// Tell the kernel the label for all files to be created
+func SetFileCreateLabel(fileLabel string) error {
+	if selinux.SelinuxEnabled() {
+		return selinux.Setfscreatecon(fileLabel)
+	}
+	return nil
+}
+
 // Change the label of path to the filelabel string.  If the relabel string
 // is "z", relabel will change the MCS label to s0.  This will allow all
 // containers to share the content.  If the relabel string is a "Z" then