Merge pull request #180 from rhatdan/relabel1

Allow relabeling of files/directories under /usr prefix
opencontainers · Sep 26, 2022 · 00d547f · 00d547f
2 parents 4a3908c + d3ccb69
commit 00d547f
Showing 1 changed file with 0 additions and 18 deletions.
diff --git a/go-selinux/selinux_linux.go b/go-selinux/selinux_linux.go
@@ -1072,21 +1072,6 @@ func copyLevel(src, dest string) (string, error) {
 	return tcon.Get(), nil
 }
 
-// Prevent users from relabeling system files
-func badPrefix(fpath string) error {
-	if fpath == "" {
-		return ErrEmptyPath
-	}
-
-	badPrefixes := []string{"/usr"}
-	for _, prefix := range badPrefixes {
-		if strings.HasPrefix(fpath, prefix) {
-			return fmt.Errorf("relabeling content in %s is not allowed", prefix)
-		}
-	}
-	return nil
-}
-
 // chcon changes the fpath file object to the SELinux label label.
 // If fpath is a directory and recurse is true, then chcon walks the
 // directory tree setting the label.
@@ -1097,9 +1082,6 @@ func chcon(fpath string, label string, recurse bool) error {
 	if label == "" {
 		return nil
 	}
-	if err := badPrefix(fpath); err != nil {
-		return err
-	}
 
 	if !recurse {
 		return setFileLabel(fpath, label)