danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Add to Memories Share Next Entry
golang support for libselinux in Rawhide.
danwalsh
Every so often I get to spend a couple of days working on a new computer language, but it has been a while.

I am working on a project to bring SELinux support to docker.

The basic idea is to launch containers with a specific SELinux type and Random MCS label.  Using pretty much the same technology as we use with sVirt.  We do this using libvirt and virt-sandbox-service in Fedora now, but we want to implement similar support for docker.

One problem I had when I first starting working on this project was that docker is written in the go programming language. I did not know the go language and there were no libselinux bindings for go.

Luckily go is fairly easy to bind to the C Language using cgo.  After a couple of weeks work, I put together selinux.go which implements all of the functions that I needed to get containers running with SELinux labels.  Going forward it would be nice to hook up all of the libselinux functions. (Patches welcomed).

Package will show up in libselinux-2.2.1-3.fc21

/usr/share/gocode/selinux/selinux.go

Any input for improvements to go code would be welcome.

You are viewing danwalsh