lint

siderolabs · Oct 26, 2024 · 75b4274 · 75b4274
1 parent 0f97ba8
commit 75b4274
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 5 deletions.
diff --git a/internal/app/machined/pkg/controllers/cri/runc_memfd_bind.go b/internal/app/machined/pkg/controllers/cri/runc_memfd_bind.go
@@ -41,6 +41,8 @@ func (ctrl *RuncMemFDBindController) Outputs() []controller.Output {
 }
 
 // Run implements controller.Controller interface.
+//
+//nolint:gocyclo
 func (ctrl *RuncMemFDBindController) Run(ctx context.Context, r controller.Runtime, logger *zap.Logger) error {
 	// This controller is only relevant in container mode.
 	if ctrl.V1Alpha1Mode == runtimetalos.ModeContainer {
@@ -83,7 +85,7 @@ func (ctrl *RuncMemFDBindController) Run(ctx context.Context, r controller.Runti
 		return fmt.Errorf("mount: failed to mount memfd on top of runc binary path target: %w", err)
 	}
 
-	if selinux.SELinuxEnabled() {
+	if selinux.IsEnabled() {
 		if err := unix.Fsetxattr(int(memfdFile.Fd()), "security.selinux", []byte("system_u:object_r:runc_memfd_t:s0"), 0); err != nil {
 			return err
 		}

diff --git a/internal/pkg/selinux/selinux.go b/internal/pkg/selinux/selinux.go
@@ -14,27 +14,28 @@ import (
 	"github.com/siderolabs/talos/pkg/machinery/constants"
 )
 
-// SELinuxEnabled checks if SELinux is enabled on the system by reading
+// IsEnabled checks if SELinux is enabled on the system by reading
 // the kernel command line. It returns true if SELinux is enabled,
 // otherwise it returns false. It also ensures we're not in a container.
-func SELinuxEnabled() bool {
+func IsEnabled() bool {
 	// TODO: resolve circular dependency with platform
 	if _, err := os.Stat("/usr/etc/in-container"); err == nil {
 		return false
 	}
 
 	val := procfs.ProcCmdline().Get(constants.KernelParamSELinux).First()
+
 	return val != nil
 }
 
 // SetLabel sets label for file or directory, following symlinks
-// It does not perform the operation in case SELinux is disabled or provided label is empty
+// It does not perform the operation in case SELinux is disabled or provided label is empty.
 func SetLabel(filename string, label string) error {
 	if label == "" {
 		return nil
 	}
 
-	if SELinuxEnabled() {
+	if IsEnabled() {
 		if err := unix.Lsetxattr(filename, "security.selinux", []byte(label), 0); err != nil {
 			return err
 		}