代码拉取完成,页面将自动刷新
同步操作将从 openEuler/syscontainer-tools 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
// Copyright (c) Huawei Technologies Co., Ltd. 2018-2019. All rights reserved.
// syscontainer-tools is licensed under the Mulan PSL v2.
// You can use this software according to the terms and conditions of the Mulan PSL v2.
// You may obtain a copy of Mulan PSL v2 at:
// http://license.coscl.org.cn/MulanPSL2
// THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
// IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
// PURPOSE.
// See the Mulan PSL v2 for more details.
// Description: selinux relabel commands
// Author: zhangwei
// Create: 2018-01-18
// go base main package
package main
import (
"fmt"
"io/ioutil"
"os/exec"
"isula.org/syscontainer-tools/utils"
"github.com/opencontainers/runc/libcontainer/selinux"
"github.com/sirupsen/logrus"
"github.com/urfave/cli"
)
var (
// Seconfig is absolute path for SELinux config file
Seconfig = "/etc/selinux/config"
hostSystemd = "/lib/systemd/systemd"
)
type selinuxCommand struct {
cmd string
argv []string
}
type selinuxContext struct {
conType string
path string
}
func relabelIsuladBinary(path, bin string) error {
cmd := exec.Command("semanage", []string{"fcontext", "-a", "-t", "init_exec_t", fmt.Sprintf("%s/%s", path, bin)}...)
if err := cmd.Start(); err != nil {
return err
}
return nil
}
func restartIsulad() error {
restart := selinuxCommand{"systemctl", []string{"restart", "isulad"}}
cmd := exec.Command(restart.cmd, restart.argv...)
logrus.Infof("%s %v", restart.cmd, restart.argv)
if err := cmd.Run(); err != nil {
logrus.Errorf("%s %v: %v", restart.cmd, restart.argv, err)
return err
}
return nil
}
func relabel(path string) error {
var seType string
var attr string
var err error
if seType, err = utils.SeconfigGet(Seconfig, "SELINUXTYPE"); err != nil {
return err
}
utils.SeconfigSet(Seconfig, "SELINUX", "permissive")
fileContexts := fmt.Sprintf("/etc/selinux/%s/contexts/files/file_contexts.local", seType)
if !utils.IsExist(fileContexts) {
if err = ioutil.WriteFile(fileContexts, []byte(""), 0600); err != nil {
logrus.Errorf("ioutil.WriteFile err: %s", err)
}
}
preStarts := []selinuxCommand{
{"setenforce", []string{"0"}},
}
for _, prestart := range preStarts {
cmd := exec.Command(prestart.cmd, prestart.argv...)
logrus.Infof("%s %v", prestart.cmd, prestart.argv)
if err := cmd.Run(); err != nil {
logrus.Errorf("%s %v: %v", prestart.cmd, prestart.argv, err)
return err
}
}
if attr, err = selinux.Getfilecon(hostSystemd); err != nil {
return nil
}
modifyContexts := []selinuxContext{
{"init_exec_t", path + "/isulad"},
}
con := utils.NewContext(attr)
for _, context := range modifyContexts {
con.SetType(context.conType)
logrus.Infof("%s [%s]", context.path, con.Get())
selinux.Setfilecon(context.path, con.Get())
}
return restartIsulad()
}
func setUpSelinuxLabel(path, rootfs string) error {
if err := relabel(path); err != nil {
return err
}
return nil
}
var relabelCommand = cli.Command{
Name: "relabel",
Usage: "relabel rootfs for running SELinux in system container",
ArgsUsage: `[--isulad-path path] [--rootfs rootfs]`,
Description: `relabel rootfs for running SELinux in system container(a systemd based os is required)`,
Flags: []cli.Flag{
cli.StringFlag{
Name: "isulad-path",
Value: "/usr/bin",
Usage: "isulad's install path",
},
cli.StringFlag{
Name: "rootfs",
Usage: "the absolute path for isulad's rootfs",
},
},
Action: func(context *cli.Context) {
if err := setUpSelinuxLabel(context.String("isulad-path"), context.String("rootfs")); err != nil {
fatal(err)
}
// print result to stdout
fmt.Printf("SELinux relabel success\n")
logrus.Infof("SELinux relabel successfully")
},
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手