mirrors/node-feature-discovery
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-14 11:57:51 +00:00
Code Activity

source/kernel: better error reporting

Browse source 
Get rid of distracting error in the log in case selinux is not enabled
in the kernel. Still print an error only if sysfs/fs directory is not
available, though, which indicates that we're not able to correctly
detect the presence of selinux.
This commit is contained in:
Markus Lehtonen 2021-08-12 18:28:41 +03:00
parent 85c1410e18
commit 73704e2e11
1 changed files with 17 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
source/kernel/selinux.go
View file

@ -19,15 +19,30 @@ package kernel
import ( import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os"
"path/filepath"
"k8s.io/klog/v2"
"sigs.k8s.io/node-feature-discovery/source" "sigs.k8s.io/node-feature-discovery/source"
) )
// Detect if selinux has been enabled in the kernel // Detect if selinux has been enabled in the kernel
func SelinuxEnabled() (bool, error) { func SelinuxEnabled() (bool, error) {
status, err := ioutil.ReadFile(source.SysfsDir.Path("fs/selinux/enforce")) sysfsBase := source.SysfsDir.Path("fs")
if _, err := os.Stat(sysfsBase); err != nil {
return false, fmt.Errorf("unable to detect selinux status: %w", err)
}
selinuxBase := filepath.Join(sysfsBase, "selinux")
if _, err := os.Stat(selinuxBase); os.IsNotExist(err) {
klog.V(1).Info("selinux not available on the system")
return false, nil
}
status, err := ioutil.ReadFile(filepath.Join(selinuxBase, "enforce"))
if err != nil { if err != nil {
return false, fmt.Errorf("failed to detect the status of selinux, please check if the system supports selinux and make sure /sys on the host is mounted into the container: %s", err.Error()) return false, fmt.Errorf("failed to detect the status of selinux: %w", err)
} }
if status[0] == byte('1') { if status[0] == byte('1') {
// selinux is enabled. // selinux is enabled.