Add ability to set fscontext mounts points #196

Merged
merged 1 commit into from
Feb 8, 2023
22 changes: 20 additions & 2 deletions go-selinux/label/label.go
Expand Up @@ -78,19 +78,37 @@ func ReleaseLabel(label string) error {
// Deprecated: use selinux.DupSecOpt
var DupSecOpt = selinux.DupSecOpt

// FormatMountLabel returns a string to be used by the mount command. Using
// the SELinux `context` mount option. Changing labels of files on mount
// points with this option can never be changed.
// FormatMountLabel returns a string to be used by the mount command.
// The format of this string will be used to alter the labeling of the mountpoint.
// The string returned is suitable to be used as the options field of the mount command.
// If you need to have additional mount point options, you can pass them in as
// the first parameter. Second parameter is the label that you wish to apply
// to all content in the mount point.
func FormatMountLabel(src, mountLabel string) string {
return FormatMountLabelByType(src, mountLabel, "context")
}

// FormatMountLabelByType returns a string to be used by the mount command.
// Allow caller to specify the mount options. For example using the SELinux
// `fscontext` mount option would allow certain container processes to change
// labels of files created on the mount points, where as `context` option does
// not.
// FormatMountLabelByType returns a string to be used by the mount command.
// The format of this string will be used to alter the labeling of the mountpoint.
// The string returned is suitable to be used as the options field of the mount command.
// If you need to have additional mount point options, you can pass them in as
// the first parameter. Second parameter is the label that you wish to apply
// to all content in the mount point.
func FormatMountLabelByType(src, mountLabel, contextType string) string {
if mountLabel != "" {
switch src {
case "":
src = fmt.Sprintf("context=%q", mountLabel)
src = fmt.Sprintf("%s=%q", contextType, mountLabel)
default:
src = fmt.Sprintf("%s,context=%q", src, mountLabel)
src = fmt.Sprintf("%s,%s=%q", src, contextType, mountLabel)
}
}
return src
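Review bot: contextType is written into the option string unchecked in `src = fmt.Sprintf("%s=%q", contextType, mountLabel)` and again in the `default` branch, so an empty value yields `="label"` and a value containing a comma would append extra mount options. Suggest accepting only the SELinux mount options (`context`, `fscontext`, `defcontext`, `rootcontext`); since the function returns only a string, either fall back to `context` for anything else or state the constraint in the doc comment. The comment on FormatMountLabelByType also opens with the same sentence twice and still says "Second parameter is the label that you wish to apply to all content in the mount point" without describing the third parameter; merge the two paragraphs and document contextType. The comment on FormatMountLabel is stacked the same way, and "Changing labels of files on mount points with this option can never be changed" should be reworded.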
15 changes: 15 additions & 0 deletions go-selinux/label/label_test.go
Expand Up @@ -17,4 +17,19 @@ func TestFormatMountLabel(t *testing.T) {
if test := FormatMountLabel("src", ""); test != expected {
t.Fatalf("Format failed. Expected %s, got %s", expected, test)
}

expected = `fscontext="foobar"`
if test := FormatMountLabelByType("", "foobar", "fscontext"); test != expected {
t.Fatalf("Format failed. Expected %s, got %s", expected, test)
}

expected = `src,fscontext="foobar"`
if test := FormatMountLabelByType("src", "foobar", "fscontext"); test != expected {
t.Fatalf("Format failed. Expected %s, got %s", expected, test)
}

expected = `src`
if test := FormatMountLabelByType("src", "", "rootcontext"); test != expected {
t.Fatalf("Format failed. Expected %s, got %s", expected, test)
}
}
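Review bot: the `rootcontext` case in `FormatMountLabelByType("src", "", "rootcontext")` passes an empty label, so the function returns `src` before contextType is used and the test would pass for any third argument. Suggest adding a case with a non-empty label for each context type the function is meant to support, plus one for an empty or unexpected contextType, so the intended behaviour for bad input is pinned down by a test.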