#!/usr/bin/env bash

# Copyright The containerd Authors.

# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at

# http://www.apache.org/licenses/LICENSE-2.0

# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

#
# Apply the SELinux mode named by the SELINUX environment variable.
#
# Accepted values: Enforcing, Permissive, Disabled. Any other value is
# rejected with exit status 1.
#
# Only setenforce, mount and umount are invoked; nothing here writes a
# persistent configuration file, so the result applies to the running
# system only.
#
# NOTE(review): "Disabled" is implemented as `setenforce 0` followed by
# unmounting selinuxfs. That presumably makes getenforce report Disabled
# without unloading SELinux from the kernel - confirm before treating it
# as equivalent to a host booted with SELinux off.
#
# NOTE(review): when getenforce/setenforce are not installed the script
# exits 0 whatever mode was requested, so a request for Enforcing is
# neither applied nor reported as a failure. Callers that depend on
# enforcement should check the final "SELinux is ..." line.
#
# -u makes an unset SELINUX abort at the case statement below; -x traces
# every command to stderr.
set -eux -o pipefail

readonly SELINUXFS=/sys/fs/selinux

# Mount selinuxfs at ${SELINUXFS} unless something is already mounted there.
ensure_selinuxfs_mounted() {
  if ! mountpoint -q "${SELINUXFS}"; then
    mount -o rw,relatime -t selinuxfs selinuxfs "${SELINUXFS}"
  fi
}

# Both tools must resolve on PATH; otherwise report Disabled and stop
# before SELINUX is even read.
type -p getenforce setenforce &>/dev/null || {
  echo 'SELinux is Disabled'
  exit 0
}

case "${SELINUX}" in
  Enforcing)
    ensure_selinuxfs_mounted
    setenforce 1
    ;;
  Permissive)
    ensure_selinuxfs_mounted
    setenforce 0
    ;;
  Disabled)
    # Drop to permissive first, then take selinuxfs away. Skipped entirely
    # when selinuxfs is not mounted.
    if mountpoint -q "${SELINUXFS}"; then
      setenforce 0
      umount -v "${SELINUXFS}"
    fi
    ;;
  *)
    echo "SELinux mode not supported: ${SELINUX}" >&2
    exit 1
    ;;
esac

# Report the mode as getenforce sees it after the change. The value is
# printed, not compared with the requested mode.
echo "SELinux is $(getenforce)"