Diffstat (limited to 'libpod/util_linux.go')
-rw-r--r--libpod/util_linux.go21
1 files changed, 21 insertions, 0 deletions
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index 30e2538c3..a801df2ee 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -9,6 +9,7 @@ import (
"github.com/containerd/cgroups"
"github.com/containers/libpod/pkg/util"
spec "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/opencontainers/selinux/go-selinux/label"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -91,3 +92,23 @@ func GetV1CGroups(excludes []string) cgroups.Hierarchy {
return filtered, nil
}
}
+
+// LabelVolumePath takes a mount path for a volume and gives it an
+// selinux label of either shared or not
+func LabelVolumePath(path string, shared bool) error {
+ _, mountLabel, err := label.InitLabels([]string{})
+ if err != nil {
+ return errors.Wrapf(err, "error getting default mountlabels")
+ }
+ if err := label.ReleaseLabel(mountLabel); err != nil {
+ return errors.Wrapf(err, "error releasing label %q", mountLabel)
+ }
+ if err := label.Relabel(path, mountLabel, shared); err != nil {
+ permString := "private"
+ if shared {
+ permString = "shared"
+ }
+ return errors.Wrapf(err, "error setting selinux label for %s to %q as %s", path, mountLabel, permString)
+ }
+ return nil
+}
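Review bot: In LabelVolumePath, `label.ReleaseLabel(mountLabel)` runs before `label.Relabel(path, mountLabel, shared)`, so the MCS categories reserved by `label.InitLabels` are already back in the pool when the path is labelled. In the non-shared case the volume then carries a private level that nothing in this hunk ties to a container, and a container created later could be allocated the same categories and pass the MCS check on this volume. Consider relabelling first and releasing afterwards, or deriving the private label from the container that will own the volume. The doc comment should also state which label is applied and that Relabel acts on the whole tree under `path`, for example `// LabelVolumePath relabels path with a newly generated mount label; when shared is false the level is not bound to any container.`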