From 73704e2e1132e188bbf8943ad3572e020bfa9107 Mon Sep 17 00:00:00 2001
From: Markus Lehtonen
Date: Thu, 12 Aug 2021 18:28:41 +0300
Subject: [PATCH] source/kernel: better error reporting

Get rid of distracting error in the log in case selinux is not enabled in the kernel. Still print an error only if sysfs/fs directory is not available, though, which indicates that we're not able to correctly detect the presence of selinux.
---
 source/kernel/selinux.go | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/source/kernel/selinux.go b/source/kernel/selinux.go
index c5f32adc9..ef505f5bf 100644
--- a/source/kernel/selinux.go
+++ b/source/kernel/selinux.go
@@ -19,15 +19,30 @@ package kernel
 import (
 "fmt"
 "io/ioutil"
+ "os"
+ "path/filepath"
+
+ "k8s.io/klog/v2"

 "sigs.k8s.io/node-feature-discovery/source"
 )

 // Detect if selinux has been enabled in the kernel
 func SelinuxEnabled() (bool, error) {
- status, err := ioutil.ReadFile(source.SysfsDir.Path("fs/selinux/enforce"))
+ sysfsBase := source.SysfsDir.Path("fs")
+ if _, err := os.Stat(sysfsBase); err != nil {
+ return false, fmt.Errorf("unable to detect selinux status: %w", err)
+ }
+
+ selinuxBase := filepath.Join(sysfsBase, "selinux")
+ if _, err := os.Stat(selinuxBase); os.IsNotExist(err) {
+ klog.V(1).Info("selinux not available on the system")
+ return false, nil
+ }
+
+ status, err := ioutil.ReadFile(filepath.Join(selinuxBase, "enforce"))
 if err != nil {
- return false, fmt.Errorf("failed to detect the status of selinux, please check if the system supports selinux and make sure /sys on the host is mounted into the container: %s", err.Error())
+ return false, fmt.Errorf("failed to detect the status of selinux: %w", err)
 }
 if status[0] == byte('1') {
 // selinux is enabled.
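Review bot: The context line `if status[0] == byte('1') {` at the end of the hunk still indexes the ReadFile result without a length check, so an empty read of `enforce` would panic the detector instead of returning an error; `if len(status) > 0 && status[0] == '1' {` gives the same result for normal content. Separately, the function name and the `// selinux is enabled.` comment speak of SELinux being enabled while the value read is `enforce`, so a host in permissive mode presumably reports false here. A doc comment such as `// SelinuxEnabled reports whether SELinux is present and in enforcing mode.` would make that explicit for anyone consuming the result as a security signal. The rest of SelinuxEnabled lies outside the hunk, so the final return values are inferred.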