Merge pull request NVIDIA#847 from empovit/fix-selinix-label-mps
Fix applying SELinux label for MPS
elezar authored Aug 2, 2024
2 parents d6de726 + a63946c commit d899752
Showing 11 changed files with 23 additions and 2,229 deletions.
28 changes: 23 additions & 5 deletions cmd/mps-control-daemon/mps/daemon.go
@@ -18,13 +18,13 @@ package mps

import (
"bytes"
"errors"
"fmt"
"io"
"os"
"os/exec"
"path/filepath"

"github.com/opencontainers/selinux/go-selinux"
"k8s.io/klog/v2"

"github.com/NVIDIA/k8s-device-plugin/internal/rm"
@@ -98,10 +98,8 @@ func (d *Daemon) Start() error {
return fmt.Errorf("error creating directory %v: %w", pipeDir, err)
}

if selinux.EnforceMode() == selinux.Enforcing {
if err := selinux.Chcon(pipeDir, "container_file_t", true); err != nil {
return fmt.Errorf("error setting SELinux context: %w", err)
}
if err := setSELinuxContext(pipeDir, "container_file_t"); err != nil {
return fmt.Errorf("error setting SELinux context: %w", err)
}

logDir := d.LogDir()
@@ -143,6 +141,26 @@ func (d *Daemon) Start() error {
return nil
}

func setSELinuxContext(path string, context string) error {
_, err := os.Stat("/sys/fs/selinux")
if err != nil && errors.Is(err, os.ErrNotExist) {
klog.InfoS("SELinux disabled, not updating context", "path", path)
return nil
} else if err != nil {
return fmt.Errorf("error checking if SELinux is enabled: %w", err)
}

klog.InfoS("SELinux enabled, setting context", "path", path, "context", context)
chconCmd := exec.Command("chcon", "-R", "-t", context, path)
output, err := chconCmd.CombinedOutput()
if err != nil {
klog.Errorf("\n%v", string(output))
return err
}

return nil
}

// Stop ensures that the MPS daemon is quit.
func (d *Daemon) Stop() error {
_, err := d.EchoPipeToControl("quit")
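Review bot: The chcon failure path in setSELinuxContext logs the command output with `klog.Errorf("\n%v", string(output))` and then returns the bare exec error, so Start() reports only that error (for a non-zero exit, presumably just an exit status) while the actual reason sits in a separate, context-free log line. Fold the output into the returned error instead, e.g. `return fmt.Errorf("chcon -R -t %s %s: %w: %s", context, path, err, bytes.TrimSpace(output))`; `bytes` is already imported in this file. The function also has no doc comment although its contract differs from the guard it replaces: the removed code relabelled only when `selinux.EnforceMode() == selinux.Enforcing`, whereas the new check relabels whenever `/sys/fs/selinux` exists, which presumably includes permissive hosts and containers where that directory is present but not a mounted selinuxfs. I would add `// setSELinuxContext recursively sets the SELinux type of path when /sys/fs/selinux exists; it shells out to chcon, which must be on PATH.` so the dependency on an external binary in the image is visible to maintainers.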
1 change: 0 additions & 1 deletion go.mod
@@ -10,7 +10,6 @@ require (
github.com/fsnotify/fsnotify v1.7.0
github.com/google/renameio v1.0.1
github.com/google/uuid v1.6.0
github.com/opencontainers/selinux v1.11.0
github.com/prometheus/procfs v0.15.1
github.com/sirupsen/logrus v1.9.3
github.com/stretchr/testify v1.9.0
201 changes: 0 additions & 201 deletions vendor/github.com/opencontainers/selinux/LICENSE

This file was deleted.

13 changes: 0 additions & 13 deletions vendor/github.com/opencontainers/selinux/go-selinux/doc.go

This file was deleted.
