package containerd

import (
	"github.com/opencontainers/selinux/go-selinux"
)

const (
	SELinuxContextType = "container_runtime_t"
)

func selinuxStatus() (bool, bool, error) {
	if !selinux.GetEnabled() {
		return false, false, nil
	}

	label, err := selinux.CurrentLabel()
	if err != nil {
		return true, false, err
	}

	ctx, err := selinux.NewContext(label)
	if err != nil {
		return true, false, err
	}

	return true, ctx["type"] == SELinuxContextType, nil
}