Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added error check in Getfilecon #584

Merged
merged 1 commit into from
Feb 25, 2016
Merged

Added error check in Getfilecon #584

merged 1 commit into from
Feb 25, 2016

Conversation

rajasec
Copy link
Contributor

@rajasec rajasec commented Feb 23, 2016

Added the error check for Getfilecon if it returns an error.

Signed-off-by: rajasec [email protected]

hqhq
hqhq reviewed Feb 23, 2016
View reviewed changes
libcontainer/selinux/selinux.go

if err != nil {
return "", err
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then probably change the final return to return string(con), nil in this function?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hqhq
Updated as per the comments

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found this function if not used, even when it's first added, ping @rhatdan .

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hqhq
There is no caller at this moment for this function

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We use this function when debugging code, in the past. Do we really need to remove it just because no one is using it currently?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really, just make sure we know it's there :)

mikebrow
mikebrow reviewed Feb 23, 2016
View reviewed changes
libcontainer/selinux/selinux.go

if err != nil {
return "", err
}
// Trim the NUL byte at the end of the byte buffer, if present.
if con[len(con)-1] == '\x00' {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What are the odds of no error and len(con)==0? If possible should probably add a if len(con) check before causing a "panic: runtime error: index out of range"

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes I agree with this check

@rajasec
Added error check in Getfilecon
039d25c 
Signed-off-by: rajasec <[email protected]>

Fixed review comments

Signed-off-by: rajasec <[email protected]>

Fixed review comments for adding length check

Signed-off-by: rajasec <[email protected]>

Fixed review comment

Signed-off-by: rajasec <[email protected]>
@rajasec
Copy link
Contributor Author

rajasec commented Feb 25, 2016

@hqhq @mikebrow @rhatdan
Added the check as per the comments. Let me know if you are ok.

hqhq
hqhq reviewed Feb 25, 2016
View reviewed changes
libcontainer/selinux/selinux.go
if con[len(con)-1] == '\x00' {
con = con[:len(con)-1]
if len(con) > 0 {
if con[len(con)-1] == '\x00' {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's minor, but I think we should change it to if len(con) > 0 && con[len(con)-1] == '\x00'.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@hqhq
Updated.

@hqhq
Copy link
Contributor

hqhq commented Feb 25, 2016

LGTM

@mikebrow
Copy link
Member

Looks good.

@rhatdan
Copy link
Contributor

rhatdan commented Feb 25, 2016

👍

@crosbymichael
Copy link
Member

LGTM

crosbymichael added a commit that referenced this pull request Feb 25, 2016
@crosbymichael
Merge pull request #584 from rajasec/selinux-errcheck
77d2793 
Added error check in Getfilecon
@crosbymichael crosbymichael merged commit 77d2793 into opencontainers:master Feb 25, 2016
@rajasec rajasec deleted the selinux-errcheck branch February 25, 2016 21:03
stefanberger pushed a commit to stefanberger/runc that referenced this pull request Sep 8, 2017
@hqhq
Merge pull request opencontainers#584 from wking/json-object-no-order…
81888fe 
…-or-duplicates

glossary: Make objects explicitly unordered and forbid duplicate names
stefanberger pushed a commit to stefanberger/runc that referenced this pull request Sep 8, 2017
@wking
config: Drop redundant "unique within this map" annotation requirement
eba7304 
This condition landed in 27a05de (Add text about extensions,
2016-06-26, opencontainers#510) with subsequent wording tweaks in 3f0440b
(config.md: add empty limit for key of annotations, Dec 28 10:35:19
2016, opencontainers#645) and 2c8feeb (config: Bring "unique... within this map"
back together, 2017-01-12, opencontainers#654).  However, since eeaccfa (glossary:
Make objects explicitly unordered and forbid duplicate names,
2016-09-27, opencontainers#584) we forbid duplicate keys on *all* objects (not just
annotations), so this PR removes the redundant annotation-specific
condition.

Signed-off-by: W. Trevor King <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
status/0-triage
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@rajasec @hqhq @mikebrow @rhatdan @crosbymichael @GordonTheTurtle