Tired of ads? Upgrade to paid account and never see ads again!

danwalsh


Dan Walsh's Blog

Got SELinux?


Previous Entry Share Next Entry
golang support for libselinux in Rawhide.
danwalsh
Every so often I get to spend a couple of days working on a new computer language, but it has been a while.

I am working on a project to bring SELinux support to docker.

The basic idea is to launch containers with a specific SELinux type and Random MCS label.  Using pretty much the same technology as we use with sVirt.  We do this using libvirt and virt-sandbox-service in Fedora now, but we want to implement similar support for docker.

One problem I had when I first starting working on this project was that docker is written in the go programming language. I did not know the go language and there were no libselinux bindings for go.

Luckily go is fairly easy to bind to the C Language using cgo.  After a couple of weeks work, I put together selinux.go which implements all of the functions that I needed to get containers running with SELinux labels.  Going forward it would be nice to hook up all of the libselinux functions. (Patches welcomed).

Package will show up in libselinux-2.2.1-3.fc21

/usr/share/gocode/selinux/selinux.go

Any input for improvements to go code would be welcome.

You are viewing danwalsh