aboutsummaryrefslogtreecommitdiff
path: root/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go')
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go11
1 files changed, 7 insertions, 4 deletions
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 5bfcc0490..54597398b 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -892,13 +892,13 @@ func openContextFile() (*os.File, error) {
return os.Open(lxcPath)
}
-var labels = loadLabels()
+var labels, privContainerMountLabel = loadLabels()
-func loadLabels() map[string]string {
+func loadLabels() (map[string]string, string) {
labels := make(map[string]string)
in, err := openContextFile()
if err != nil {
- return labels
+ return labels, ""
}
defer in.Close()
@@ -920,7 +920,10 @@ func loadLabels() map[string]string {
}
}
- return labels
+ con, _ := NewContext(labels["file"])
+ con["level"] = fmt.Sprintf("s0:c%d,c%d", maxCategory-2, maxCategory-1)
+ reserveLabel(con.get())
+ return labels, con.get()
}
// kvmContainerLabels returns the default processLabel and mountLabel to be used
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-12 14:00:37 +0000