Skip to content
This repository was archived by the owner on Mar 9, 2022. It is now read-only.

Commit a87bda0

Browse files
author
Yanqiang Miao
committed
update selinux to b6fa367
Signed-off-by: Yanqiang Miao <[email protected]>
1 parent 415727c commit a87bda0

7 files changed

Lines changed: 419 additions & 83 deletions

File tree

pkg/server/helpers.go

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -371,8 +371,7 @@ func initSelinuxOpts(selinuxOpt *runtime.SELinuxOption) (string, string, error)
371371
// Should ignored selinuxOpts if they are incomplete.
372372
if selinuxOpt.GetUser() == "" ||
373373
selinuxOpt.GetRole() == "" ||
374-
selinuxOpt.GetType() == "" ||
375-
selinuxOpt.GetLevel() == "" {
374+
selinuxOpt.GetType() == "" {
376375
return "", "", nil
377376
}
378377

@@ -391,6 +390,10 @@ func initSelinuxOpts(selinuxOpt *runtime.SELinuxOption) (string, string, error)
391390
}
392391

393392
func checkSelinuxLevel(level string) (bool, error) {
393+
if len(level) == 0 {
394+
return true, nil
395+
}
396+
394397
matched, err := regexp.MatchString(`^s\d(-s\d)??(:c\d{1,4}((.c\d{1,4})?,c\d{1,4})*(.c\d{1,4})?(,c\d{1,4}(.c\d{1,4})?)*)?$`, level)
395398
if err != nil || !matched {
396399
return false, fmt.Errorf("the format of 'level' %q is not correct: %v", level, err)

pkg/server/helpers_selinux_test.go

Lines changed: 20 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,6 +19,7 @@ limitations under the License.
1919
package server
2020

2121
import (
22+
"strings"
2223
"testing"
2324

2425
"github.com/opencontainers/selinux/go-selinux"
@@ -62,6 +63,16 @@ func TestInitSelinuxOpts(t *testing.T) {
6263
processLabel: "user_u:user_r:user_t:s0:c1,c2",
6364
mountLabels: []string{"user_u:object_r:container_file_t:s0:c1,c2", "user_u:object_r:svirt_sandbox_file_t:s0:c1,c2"},
6465
},
66+
"Should be resolved correctly when selinuxOpt has been initialized with level=''": {
67+
selinuxOpt: &runtime.SELinuxOption{
68+
User: "user_u",
69+
Role: "user_r",
70+
Type: "user_t",
71+
Level: "",
72+
},
73+
processLabel: "user_u:user_r:user_t:s0",
74+
mountLabels: []string{"user_u:object_r:container_file_t:s0", "user_u:object_r:svirt_sandbox_file_t:s0"},
75+
},
6576
"Should return error when the format of 'level' is not correct": {
6677
selinuxOpt: &runtime.SELinuxOption{
6778
User: "user_u",
@@ -78,8 +89,15 @@ func TestInitSelinuxOpts(t *testing.T) {
7889
assert.Error(t, err)
7990
} else {
8091
assert.NoError(t, err)
81-
assert.Equal(t, test.processLabel, processLabel)
82-
assert.Contains(t, test.mountLabels, mountLabel)
92+
if test.selinuxOpt == nil || test.selinuxOpt.Level != "" {
93+
assert.Equal(t, test.processLabel, processLabel)
94+
assert.Contains(t, test.mountLabels, mountLabel)
95+
} else {
96+
assert.Equal(t, 0, strings.LastIndex(processLabel, test.processLabel))
97+
contain := strings.LastIndex(mountLabel, test.mountLabels[0]) == 0 ||
98+
strings.LastIndex(mountLabel, test.mountLabels[1]) == 0
99+
assert.True(t, contain)
100+
}
83101
}
84102
})
85103
}

vendor.conf

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ github.com/opencontainers/image-spec v1.0.1
4343
github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340
4444
github.com/opencontainers/runtime-spec v1.0.1
4545
github.com/opencontainers/runtime-tools v0.6.0
46-
github.com/opencontainers/selinux 4a2974bf1ee960774ffd517717f1f45325af0206
46+
github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a
4747
github.com/pkg/errors v0.8.0
4848
github.com/pmezard/go-difflib v1.0.0
4949
github.com/prometheus/client_golang f4fb1b73fb099f396a7f0036bf86aa8def4ed823

vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go

Lines changed: 3 additions & 4 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)