1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00

source/kernel: better error reporting

Get rid of distracting error in the log in case selinux is not enabled
in the kernel. Still print an error only if sysfs/fs directory is not
available, though, which indicates that we're not able to correctly
detect the presence of selinux.
This commit is contained in:
Markus Lehtonen 2021-08-12 18:28:41 +03:00
parent 85c1410e18
commit 73704e2e11

View file

@ -19,15 +19,30 @@ package kernel
import (
"fmt"
"io/ioutil"
"os"
"path/filepath"
"k8s.io/klog/v2"
"sigs.k8s.io/node-feature-discovery/source"
)
// Detect if selinux has been enabled in the kernel
func SelinuxEnabled() (bool, error) {
status, err := ioutil.ReadFile(source.SysfsDir.Path("fs/selinux/enforce"))
sysfsBase := source.SysfsDir.Path("fs")
if _, err := os.Stat(sysfsBase); err != nil {
return false, fmt.Errorf("unable to detect selinux status: %w", err)
}
selinuxBase := filepath.Join(sysfsBase, "selinux")
if _, err := os.Stat(selinuxBase); os.IsNotExist(err) {
klog.V(1).Info("selinux not available on the system")
return false, nil
}
status, err := ioutil.ReadFile(filepath.Join(selinuxBase, "enforce"))
if err != nil {
return false, fmt.Errorf("failed to detect the status of selinux, please check if the system supports selinux and make sure /sys on the host is mounted into the container: %s", err.Error())
return false, fmt.Errorf("failed to detect the status of selinux: %w", err)
}
if status[0] == byte('1') {
// selinux is enabled.