本文整理匯總了Golang中github.com/opencontainers/runc/libcontainer/label.InitLabels函數的典型用法代碼示例。如果您正苦於以下問題:Golang InitLabels函數的具體用法?Golang InitLabels怎麽用?Golang InitLabels使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了InitLabels函數的7個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: Create
// Create sets up the VFS driver's directory for id and, when parent is
// non-empty, populates it with a copy of the parent's directory.
// Storage options are rejected outright. The new directory is created
// 0755 under a 0700 parent, both owned by the remapped root UID/GID.
func (d *Driver) Create(id, parent, mountLabel string, storageOpt map[string]string) error {
	if len(storageOpt) != 0 {
		return fmt.Errorf("--storage-opt is not supported for vfs")
	}

	target := d.dir(id)
	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
	if err != nil {
		return err
	}

	err = idtools.MkdirAllAs(filepath.Dir(target), 0700, rootUID, rootGID)
	if err != nil {
		return err
	}
	err = idtools.MkdirAs(target, 0755, rootUID, rootGID)
	if err != nil {
		return err
	}

	// The mountLabel argument is not consulted; the directory is labelled
	// from a fresh "level:s0" request instead.
	// NOTE(review): labelling is best-effort. An InitLabels error skips the
	// step and SetFileLabel's result is discarded, so a failure here is
	// invisible to the caller; confirm that is intended.
	_, fileLabel, labelErr := label.InitLabels([]string{"level:s0"})
	if labelErr == nil {
		label.SetFileLabel(target, fileLabel)
	}

	if parent == "" {
		return nil
	}

	parentDir, err := d.Get(parent, "")
	if err != nil {
		return fmt.Errorf("%s: %s", parent, err)
	}
	return CopyWithTar(parentDir, target)
}
示例2: parseSecurityOpt
// parseSecurityOpt reads config.SecurityOpt, where every entry must have the
// form "key:value", and applies it to container. "label" values are collected
// and handed to label.InitLabels; "apparmor" and "seccomp" values are stored
// on the container as given. An entry without ':' or with an unknown key is
// rejected.
func parseSecurityOpt(container *container.Container, config *containertypes.HostConfig) error {
	var labelOpts []string

	for _, opt := range config.SecurityOpt {
		kv := strings.SplitN(opt, ":", 2)
		if len(kv) == 1 {
			return fmt.Errorf("Invalid --security-opt: %q", opt)
		}

		key, value := kv[0], kv[1]
		switch key {
		case "label":
			labelOpts = append(labelOpts, value)
		case "apparmor":
			// Stored without validation here; presumably checked where the
			// profile is applied (verify against caller).
			container.AppArmorProfile = value
		case "seccomp":
			container.SeccompProfile = value
		default:
			return fmt.Errorf("Invalid --security-opt: %q", opt)
		}
	}

	// Both labels are assigned even when InitLabels reports an error.
	processLabel, mountLabel, err := label.InitLabels(labelOpts)
	container.ProcessLabel, container.MountLabel = processLabel, mountLabel
	return err
}
示例3: Create
// Create sets up the VFS driver's directory for id and, when parent is
// non-empty, populates it with a copy of the parent's directory. The new
// directory is created 0755 under a 0700 parent, both owned by the remapped
// root UID/GID.
func (d *Driver) Create(id, parent, mountLabel string) error {
	target := d.dir(id)
	rootUID, rootGID, err := idtools.GetRootUIDGID(d.uidMaps, d.gidMaps)
	if err != nil {
		return err
	}

	err = idtools.MkdirAllAs(filepath.Dir(target), 0700, rootUID, rootGID)
	if err != nil {
		return err
	}
	err = idtools.MkdirAs(target, 0755, rootUID, rootGID)
	if err != nil {
		return err
	}

	// The mountLabel argument is not consulted; the directory is labelled
	// from a fresh "level:s0" request instead.
	// NOTE(review): labelling is best-effort. An InitLabels error skips the
	// step and SetFileLabel's result is discarded, so a failure here is
	// invisible to the caller; confirm that is intended.
	_, fileLabel, labelErr := label.InitLabels([]string{"level:s0"})
	if labelErr == nil {
		label.SetFileLabel(target, fileLabel)
	}

	if parent == "" {
		return nil
	}

	parentDir, err := d.Get(parent, "")
	if err != nil {
		return fmt.Errorf("%s: %s", parent, err)
	}
	return chrootarchive.CopyWithTar(parentDir, target)
}
示例4: parseSecurityOpt
// parseSecurityOpt translates hc.SecurityOpt into the runtime spec held in
// config. Entries are "key=value", with "key:value" accepted as a fallback.
// Recognised keys are "label", "apparmor" and "seccomp"; anything else is an
// error. After the loop it fills in the AppArmor and seccomp defaults and
// derives the SELinux process label from the collected label options.
func parseSecurityOpt(config *specs.Spec, hc *containertypes.HostConfig) error {
	var labelOpts []string
	userSeccomp := false

	for _, opt := range hc.SecurityOpt {
		// NOTE(review): '=' is tried before ':', so a ':'-separated entry
		// whose value itself contains '=' is split at the '=' and ends up
		// rejected as an unknown key.
		kv := strings.SplitN(opt, "=", 2)
		if len(kv) <= 1 {
			kv = strings.SplitN(opt, ":", 2)
			if len(kv) == 1 {
				return fmt.Errorf("invalid --security-opt: %q", opt)
			}
		}

		key, value := kv[0], kv[1]
		switch key {
		case "label":
			labelOpts = append(labelOpts, value)
		case "apparmor":
			config.Process.ApparmorProfile = value
		case "seccomp":
			// Any seccomp entry, including "unconfined", suppresses the
			// default profile further down. "unconfined" installs nothing.
			userSeccomp = true
			if value == "unconfined" {
				break
			}
			// The value is the profile itself, as inline JSON.
			var profile specs.Seccomp
			if err := json.Unmarshal([]byte(value), &profile); err != nil {
				return fmt.Errorf("parsing seccomp profile failed: %v", err)
			}
			config.Linux.Seccomp = &profile
		default:
			return fmt.Errorf("invalid security-opt: %q", opt)
		}
	}

	// No explicit AppArmor profile: unprivileged containers get the default,
	// privileged ones are marked unconfined.
	if config.Process.ApparmorProfile == "" {
		if hc.Privileged {
			config.Process.ApparmorProfile = "unconfined"
		} else {
			config.Process.ApparmorProfile = DefaultApparmorProfile
		}
	}
	// runc does not accept the literal "unconfined"; the empty string is
	// written instead.
	if config.Process.ApparmorProfile == "unconfined" {
		config.Process.ApparmorProfile = ""
	}

	// The default seccomp profile applies only to unprivileged containers
	// that supplied no seccomp option of their own.
	if !userSeccomp && !hc.Privileged {
		config.Linux.Seccomp = &defaultSeccompProfile
	}

	// Only the process label is kept; the mount label is discarded. The
	// label is assigned even when InitLabels reports an error.
	processLabel, _, err := label.InitLabels(labelOpts)
	config.Process.SelinuxLabel = processLabel
	return err
}
示例5: parseSecurityOpt
// parseSecurityOpt is the Solaris variant. config.SecurityOpt is defined as a
// "List of string values to customize labels for MLs systems, such as
// SELinux"; until there is a mapping to Trusted Extensions, any security
// option is refused on this platform. With no options given, the container's
// labels come from label.InitLabels called with no label options.
func parseSecurityOpt(container *container.Container, config *containertypes.HostConfig) error {
	if len(config.SecurityOpt) > 0 {
		return errors.New("Security options are not supported on Solaris")
	}

	// Both labels are assigned even when InitLabels reports an error.
	processLabel, mountLabel, err := label.InitLabels(nil)
	container.ProcessLabel, container.MountLabel = processLabel, mountLabel
	return err
}
示例6: parseSecurityOpt
// parseSecurityOpt applies config.SecurityOpt to container. The bare flag
// "no-new-privileges" sets container.NoNewPrivileges; every other entry must
// be "key=value" (or the deprecated "key:value") with key one of "label",
// "apparmor" or "seccomp". Label values are collected and passed to
// label.InitLabels, whose results become the container's process and mount
// labels.
func parseSecurityOpt(container *container.Container, config *containertypes.HostConfig) error {
	var labelOpts []string

	for _, opt := range config.SecurityOpt {
		if opt == "no-new-privileges" {
			container.NoNewPrivileges = true
			continue
		}

		// '=' takes precedence whenever it appears anywhere in the entry;
		// ':' is only used when there is no '=' at all.
		var kv []string
		switch {
		case strings.Contains(opt, "="):
			kv = strings.SplitN(opt, "=", 2)
		case strings.Contains(opt, ":"):
			kv = strings.SplitN(opt, ":", 2)
			logrus.Warn("Security options with `:` as a separator are deprecated and will be completely unsupported in 1.14, use `=` instead.")
		}
		// An entry with neither separator leaves kv nil and is rejected here.
		if len(kv) != 2 {
			return fmt.Errorf("invalid --security-opt 1: %q", opt)
		}

		key, value := kv[0], kv[1]
		switch key {
		case "label":
			labelOpts = append(labelOpts, value)
		case "apparmor":
			// Stored without validation here; presumably checked where the
			// profile is applied (verify against caller).
			container.AppArmorProfile = value
		case "seccomp":
			container.SeccompProfile = value
		default:
			return fmt.Errorf("invalid --security-opt 2: %q", opt)
		}
	}

	// Both labels are assigned even when InitLabels reports an error.
	processLabel, mountLabel, err := label.InitLabels(labelOpts)
	container.ProcessLabel, container.MountLabel = processLabel, mountLabel
	return err
}
示例7: Create
// Create sets up the VFS driver's directory for id and, when parent is
// non-empty, populates it with a copy of the parent's directory. The new
// directory is created 0755 under a 0700 parent.
func (d *Driver) Create(id, parent string) error {
	target := d.dir(id)

	err := system.MkdirAll(filepath.Dir(target), 0700)
	if err != nil {
		return err
	}
	// os.Mkdir, unlike MkdirAll, fails if the directory already exists.
	err = os.Mkdir(target, 0755)
	if err != nil {
		return err
	}

	// NOTE(review): labelling is best-effort. An InitLabels error skips the
	// step and SetFileLabel's result is discarded, so a failure here is
	// invisible to the caller; confirm that is intended.
	_, fileLabel, labelErr := label.InitLabels([]string{"level:s0"})
	if labelErr == nil {
		label.SetFileLabel(target, fileLabel)
	}

	if parent == "" {
		return nil
	}

	parentDir, err := d.Get(parent, "")
	if err != nil {
		return fmt.Errorf("%s: %s", parent, err)
	}
	return chrootarchive.CopyWithTar(parentDir, target)
}