Every so often I get to spend a couple of days working on a new computer language, but it has been a while.
I am working on a project to bring SELinux support to Docker.
The basic idea is to launch containers with a specific SELinux type and a random MCS label, using pretty much the same technology as we use with sVirt. We do this using libvirt and virt-sandbox-service in Fedora now, but we want to implement similar support for Docker.
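The labeling scheme described above, as an added example that is not code from the original post or from selinux.go: it picks a unique random MCS category pair and writes it, with a type, into a context string. It is pure Go and makes no libselinux calls; `MCSAllocator`, `ContainerContext`, the `example_*` type names, the `s0` sensitivity and the 1024-category range are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"strings"
)

const mcsCategories = 1024 // assumption: c0..c1023, as in Fedora's targeted policy

// MCSAllocator remembers levels in use so no two containers share a pair.
type MCSAllocator struct{ used map[string]bool }

// Reserve returns a random level "s0:cA,cB", A < B, that no other container holds.
func (a *MCSAllocator) Reserve() (string, error) {
	var b [4]byte
	for {
		if _, err := rand.Read(b[:]); err != nil {
			return "", err
		}
		lo := (int(b[0])<<8 | int(b[1])) % mcsCategories // 65536 % 1024 == 0: no bias
		hi := (int(b[2])<<8 | int(b[3])) % mcsCategories
		if lo > hi {
			lo, hi = hi, lo
		}
		if level := fmt.Sprintf("s0:c%d,c%d", lo, hi); lo != hi && !a.used[level] {
			a.used[level] = true
			return level, nil
		}
	}
}

// ContainerContext swaps the type and level of a user:role:type:level context.
func ContainerContext(base, typ, level string) (string, error) {
	f := strings.SplitN(base, ":", 4)
	if len(f) != 4 {
		return "", fmt.Errorf("malformed SELinux context %q", base)
	}
	return strings.Join([]string{f[0], f[1], typ, level}, ":"), nil
}

func main() { // sample context and type name below are constructed, not from the post
	a := &MCSAllocator{used: map[string]bool{}}
	level, err := a.Reserve()
	if err != nil {
		panic(err)
	}
	ctx, err := ContainerContext("system_u:system_r:example_t:s0", "example_container_t", level)
	fmt.Println(ctx, err)
}
```

Two containers that share a type but hold different category pairs cannot touch each other's files or processes, which is the separation sVirt relies on.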
One problem I had when I first started working on this project was that Docker is written in the Go programming language. I did not know the Go language and there were no libselinux bindings for Go.
Luckily Go is fairly easy to bind to the C language using cgo. After a couple of weeks' work, I put together selinux.go, which implements all of the functions that I needed to get containers running with SELinux labels. Going forward it would be nice to hook up all of the libselinux functions. (Patches welcomed).
The package will show up in libselinux-2.2.1-3.fc21.
Any input for improvements to the Go code would be welcome.
Dan Walsh's Blog
- golang support for libselinux in Rawhide.