Merge pull request #1112 from rhatdan/romount

Mrunal Patel · web-flow · commit 30a122d06835 · 2016-10-17T14:45:32.000-07:00
Add support for r/o mount labels
diff --git a/libcontainer/label/label.go b/libcontainer/label/label.go
@@ -9,6 +9,10 @@ func InitLabels(options []string) (string, string, error) {
 	return "", "", nil
 }
 
+func GetROMountLabel() string {
+	return ""
+}
+
 func GenLabels(options string) (string, string, error) {
 	return "", "", nil
 }
diff --git a/libcontainer/label/label_selinux.go b/libcontainer/label/label_selinux.go
@@ -59,6 +59,10 @@ func InitLabels(options []string) (string, string, error) {
 	return processLabel, mountLabel, nil
 }
 
+func GetROMountLabel() string {
+	return selinux.GetROFileLabel()
+}
+
 // DEPRECATED: The GenLabels function is only to be used during the transition to the official API.
 func GenLabels(options string) (string, string, error) {
 	return InitLabels(strings.Fields(options))
diff --git a/libcontainer/label/label_selinux_test.go b/libcontainer/label/label_selinux_test.go
@@ -19,6 +19,10 @@ func TestInit(t *testing.T) {
 			t.Fatal(err)
 		}
 		testDisabled := []string{"label=disable"}
+		roMountLabel := GetROMountLabel()
+		if roMountLabel == "" {
+			t.Errorf("GetROMountLabel Failed")
+		}
 		plabel, mlabel, err = InitLabels(testDisabled)
 		if err != nil {
 			t.Log("InitLabels Disabled Failed")
diff --git a/libcontainer/selinux/selinux.go b/libcontainer/selinux/selinux.go
@@ -355,6 +355,12 @@ func FreeLxcContexts(scon string) {
 	}
 }
 
+var roFileLabel string
+
+func GetROFileLabel() (fileLabel string) {
+	return roFileLabel
+}
+
 func GetLxcContexts() (processLabel string, fileLabel string) {
 	var (
 		val, key string
@@ -399,13 +405,19 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
 			if key == "file" {
 				fileLabel = strings.Trim(val, "\"")
 			}
+			if key == "ro_file" {
+				roFileLabel = strings.Trim(val, "\"")
+			}
 		}
 	}
 
 	if processLabel == "" || fileLabel == "" {
 		return "", ""
 	}
 
+	if roFileLabel == "" {
+		roFileLabel = fileLabel
+	}
 exit:
 	//	mcs := IntToMcs(os.Getpid(), 1024)
 	mcs := uniqMcs(1024)

Original file line number	Diff line number	Diff line change
`@@ -9,6 +9,10 @@ func InitLabels(options []string) (string, string, error) {`
`9`	`9`	`return "", "", nil`
`10`	`10`	`}`
`11`	`11`
	`12`	`+func GetROMountLabel() string {`
	`13`	`+ return ""`
	`14`	`+}`
	`15`	`+`
`12`	`16`	`func GenLabels(options string) (string, string, error) {`
`13`	`17`	`return "", "", nil`
`14`	`18`	`}`
Original file line number	Diff line number	Diff line change
`@@ -355,6 +355,12 @@ func FreeLxcContexts(scon string) {`
`355`	`355`	`}`
`356`	`356`	`}`
`357`	`357`
	`358`	`+var roFileLabel string`
	`359`	`+`
	`360`	`+func GetROFileLabel() (fileLabel string) {`
	`361`	`+ return roFileLabel`
	`362`	`+}`
	`363`	`+`
`358`	`364`	`func GetLxcContexts() (processLabel string, fileLabel string) {`
`359`	`365`	`var (`
`360`	`366`	`val, key string`
`@@ -399,13 +405,19 @@ func GetLxcContexts() (processLabel string, fileLabel string) {`
`399`	`405`	`if key == "file" {`
`400`	`406`	`fileLabel = strings.Trim(val, "\"")`
`401`	`407`	`}`
	`408`	`+ if key == "ro_file" {`
	`409`	`+ roFileLabel = strings.Trim(val, "\"")`
	`410`	`+ }`
`402`	`411`	`}`
`403`	`412`	`}`
`404`	`413`
`405`	`414`	`if processLabel == "" \|\| fileLabel == "" {`
`406`	`415`	`return "", ""`
`407`	`416`	`}`
`408`	`417`
	`418`	`+ if roFileLabel == "" {`
	`419`	`+ roFileLabel = fileLabel`
	`420`	`+ }`
`409`	`421`	`exit:`
`410`	`422`	`// mcs := IntToMcs(os.Getpid(), 1024)`
`411`	`423`	`mcs := uniqMcs(1024)`