node-feature-discovery/source/kernel/selinux.go

/*
Copyright 2017-2018 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package kernel

import (
	"fmt"
	"io/ioutil"

	"sigs.k8s.io/node-feature-discovery/source"
)

// Detect if selinux has been enabled in the kernel
func SelinuxEnabled() (bool, error) {
	status, err := ioutil.ReadFile(source.SysfsDir.Path("fs/selinux/enforce"))
	if err != nil {
		return false, fmt.Errorf("failed to detect the status of selinux, please check if the system supports selinux and make sure /sys on the host is mounted into the container: %s", err.Error())
	}
	if status[0] == byte('1') {
		// selinux is enabled.
		return true, nil
	}
	return false, nil
}
Advertise selinux status by adding labels This commit: - enables node-feature-dicovery to advertise selinux status on the node by adding a label. - update the template to mount /sys into the container, this is needed to know about the selinux status on the host - adds selinux source for unit tests 2018-03-06 14:11:44 -05:00			`/*`
Move selinux detection to kernel feature source Remove the 'selinux' feature source and move the functionality under the 'kernel' feature source. The selinux feature label is changed to feature.node.kubernetes.io/selinux.enabled The selinux feature source was rather narrow in scope, and, the sole feature it advertised naturally falls under the kernel feature source. 2018-12-20 13:32:31 +02:00			`Copyright 2017-2018 The Kubernetes Authors.`
Advertise selinux status by adding labels This commit: - enables node-feature-dicovery to advertise selinux status on the node by adding a label. - update the template to mount /sys into the container, this is needed to know about the selinux status on the host - adds selinux source for unit tests 2018-03-06 14:11:44 -05:00
			`Licensed under the Apache License, Version 2.0 (the "License");`
			`you may not use this file except in compliance with the License.`
			`You may obtain a copy of the License at`

			`http://www.apache.org/licenses/LICENSE-2.0`

			`Unless required by applicable law or agreed to in writing, software`
			`distributed under the License is distributed on an "AS IS" BASIS,`
			`WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`See the License for the specific language governing permissions and`
			`limitations under the License.`
			`*/`

Move selinux detection to kernel feature source Remove the 'selinux' feature source and move the functionality under the 'kernel' feature source. The selinux feature label is changed to feature.node.kubernetes.io/selinux.enabled The selinux feature source was rather narrow in scope, and, the sole feature it advertised naturally falls under the kernel feature source. 2018-12-20 13:32:31 +02:00			`package kernel`
Advertise selinux status by adding labels This commit: - enables node-feature-dicovery to advertise selinux status on the node by adding a label. - update the template to mount /sys into the container, this is needed to know about the selinux status on the host - adds selinux source for unit tests 2018-03-06 14:11:44 -05:00
			`import (`
			`"fmt"`
Support for non-binary labels Make it possible to advertise also other than simple 'true' values for feature labels. 2018-06-21 19:02:30 +03:00			`"io/ioutil"`
source: parametrise host directory paths Specify and handle system paths we use for discovery in a unified way. 2020-05-20 11:31:09 +03:00
			`"sigs.k8s.io/node-feature-discovery/source"`
Advertise selinux status by adding labels This commit: - enables node-feature-dicovery to advertise selinux status on the node by adding a label. - update the template to mount /sys into the container, this is needed to know about the selinux status on the host - adds selinux source for unit tests 2018-03-06 14:11:44 -05:00			`)`

Move selinux detection to kernel feature source Remove the 'selinux' feature source and move the functionality under the 'kernel' feature source. The selinux feature label is changed to feature.node.kubernetes.io/selinux.enabled The selinux feature source was rather narrow in scope, and, the sole feature it advertised naturally falls under the kernel feature source. 2018-12-20 13:32:31 +02:00			`// Detect if selinux has been enabled in the kernel`
			`func SelinuxEnabled() (bool, error) {`
source: parametrise host directory paths Specify and handle system paths we use for discovery in a unified way. 2020-05-20 11:31:09 +03:00			`status, err := ioutil.ReadFile(source.SysfsDir.Path("fs/selinux/enforce"))`
Advertise selinux status by adding labels This commit: - enables node-feature-dicovery to advertise selinux status on the node by adding a label. - update the template to mount /sys into the container, this is needed to know about the selinux status on the host - adds selinux source for unit tests 2018-03-06 14:11:44 -05:00			`if err != nil {`
logging: start log messages with lower case Standarize logs to be lower case. Signed-off-by: Carlos Eduardo Arango Gutierrez <carangog@redhat.com> 2021-02-25 12:12:06 -05:00			`return false, fmt.Errorf("failed to detect the status of selinux, please check if the system supports selinux and make sure /sys on the host is mounted into the container: %s", err.Error())`
Advertise selinux status by adding labels This commit: - enables node-feature-dicovery to advertise selinux status on the node by adding a label. - update the template to mount /sys into the container, this is needed to know about the selinux status on the host - adds selinux source for unit tests 2018-03-06 14:11:44 -05:00			`}`
			`if status[0] == byte('1') {`
			`// selinux is enabled.`
Move selinux detection to kernel feature source Remove the 'selinux' feature source and move the functionality under the 'kernel' feature source. The selinux feature label is changed to feature.node.kubernetes.io/selinux.enabled The selinux feature source was rather narrow in scope, and, the sole feature it advertised naturally falls under the kernel feature source. 2018-12-20 13:32:31 +02:00			`return true, nil`
Advertise selinux status by adding labels This commit: - enables node-feature-dicovery to advertise selinux status on the node by adding a label. - update the template to mount /sys into the container, this is needed to know about the selinux status on the host - adds selinux source for unit tests 2018-03-06 14:11:44 -05:00			`}`
Move selinux detection to kernel feature source Remove the 'selinux' feature source and move the functionality under the 'kernel' feature source. The selinux feature label is changed to feature.node.kubernetes.io/selinux.enabled The selinux feature source was rather narrow in scope, and, the sole feature it advertised naturally falls under the kernel feature source. 2018-12-20 13:32:31 +02:00			`return false, nil`
Advertise selinux status by adding labels This commit: - enables node-feature-dicovery to advertise selinux status on the node by adding a label. - update the template to mount /sys into the container, this is needed to know about the selinux status on the host - adds selinux source for unit tests 2018-03-06 14:11:44 -05:00			`}`