Merge pull request #5725 from containers/dependabot/go_modules/github.com/opencontainers/selinux-1.5.0

build(deps): bump github.com/opencontainers/selinux from 1.4.0 to 1.5.0
2025-05-22 01:27:07 +08:00 · 2020-04-06 16:47:06 +02:00
parent 5b853bb272 12600afce9
commit 4b69cf0950
4 changed files with 69 additions and 25 deletions
--- a/go.mod
+++ b/go.mod
@ -42,7 +42,7 @@ require (
 	github.com/opencontainers/runc v1.0.0-rc9
 	github.com/opencontainers/runtime-spec v0.1.2-0.20190618234442-a950415649c7
 	github.com/opencontainers/runtime-tools v0.9.0
-	github.com/opencontainers/selinux v1.4.0
+	github.com/opencontainers/selinux v1.5.0
 	github.com/opentracing/opentracing-go v1.1.0
 	github.com/pkg/errors v0.9.1
 	github.com/pmezard/go-difflib v1.0.0
--- a/go.sum
+++ b/go.sum
@ -355,6 +355,8 @@ github.com/opencontainers/selinux v1.3.1/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwy
 github.com/opencontainers/selinux v1.3.2/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/opencontainers/selinux v1.4.0 h1:cpiX/2wWIju/6My60T6/z9CxNG7c8xTQyEmA9fChpUo=
 github.com/opencontainers/selinux v1.4.0/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/opencontainers/selinux v1.5.0 h1:giFN+hbiSqvKWPyagmNk9sABaH7VUZ/+XS7tInqDQ6c=
 github.com/opencontainers/selinux v1.5.0/go.mod h1:yTcKuYAh6R95iDpefGLQaPaRwJFwyzAJufJyiTt7s0g=
 github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316 h1:enQG2QUGwug4fR1yM6hL0Fjzx6Km/exZY6RbSPwMu3o=
 github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316/go.mod h1:dv+J0b/HWai0QnMVb37/H0v36klkLBi2TNpPeWDxX10=
 github.com/openshift/imagebuilder v1.1.3 h1:8TiphsD2wboU7tygtGZ5ZBfCP9FH2ZtvEAli67V2PJ4=
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@ -31,6 +31,7 @@ const (
 	// Disabled constant to indicate SELinux is disabled
 	Disabled = -1
 	contextFile      = "/usr/share/containers/selinux/contexts"
 	selinuxDir       = "/etc/selinux/"
 	selinuxConfig    = selinuxDir + "config"
 	selinuxfsMount   = "/sys/fs/selinux"
@ -684,23 +685,26 @@ func ROFileLabel() string {
 	return roFileLabel
 }
-/*
+func openContextFile() (*os.File, error) {
-ContainerLabels returns an allocated processLabel and fileLabel to be used for
+	if f, err := os.Open(contextFile); err == nil {
-container labeling by the calling process.
+		return f, nil
-*/
+	}
-func ContainerLabels() (processLabel string, fileLabel string) {
+	lxcPath := filepath.Join(getSELinuxPolicyRoot(), "/contexts/lxc_contexts")
 	return os.Open(lxcPath)
 }
 var labels = loadLabels()
 func loadLabels() map[string]string {
 	var (
 		val, key string
 		bufin    *bufio.Reader
 	)
-	if !GetEnabled() {
+	labels := make(map[string]string)
-		return "", ""
+	in, err := openContextFile()
 	}
 	lxcPath := fmt.Sprintf("%s/contexts/lxc_contexts", getSELinuxPolicyRoot())
 	in, err := os.Open(lxcPath)
 	if err != nil {
-		return "", ""
+		return labels
 	}
 	defer in.Close()
@ -712,7 +716,7 @@ func ContainerLabels() (processLabel string, fileLabel string) {
 			if err == io.EOF {
 				done = true
 			} else {
-				goto exit
+				break
 			}
 		}
 		line = strings.TrimSpace(line)
@ -726,26 +730,64 @@ func ContainerLabels() (processLabel string, fileLabel string) {
 		}
 		if groups := assignRegex.FindStringSubmatch(line); groups != nil {
 			key, val = strings.TrimSpace(groups[1]), strings.TrimSpace(groups[2])
-			if key == "process" {
+			labels[key] = strings.Trim(val, "\"")
 				processLabel = strings.Trim(val, "\"")
 			}
 			if key == "file" {
 				fileLabel = strings.Trim(val, "\"")
 			}
 			if key == "ro_file" {
 				roFileLabel = strings.Trim(val, "\"")
 			}
 		}
 	}
-	if processLabel == "" || fileLabel == "" {
+	return labels
 }
 /*
 KVMContainerLabels returns the default processLabel and mountLabel to be used
 for kvm containers by the calling process.
 */
 func KVMContainerLabels() (string, string) {
 	processLabel := labels["kvm_process"]
 	if processLabel == "" {
 		processLabel = labels["process"]
 	}
 	return addMcs(processLabel, labels["file"])
 }
 /*
 InitContainerLabels returns the default processLabel and file labels to be
 used for containers running an init system like systemd by the calling process.
 */
 func InitContainerLabels() (string, string) {
 	processLabel := labels["init_process"]
 	if processLabel == "" {
 		processLabel = labels["process"]
 	}
 	return addMcs(processLabel, labels["file"])
 }
 /*
 ContainerLabels returns an allocated processLabel and fileLabel to be used for
 container labeling by the calling process.
 */
 func ContainerLabels() (processLabel string, fileLabel string) {
 	if !GetEnabled() {
 		return "", ""
 	}
 	processLabel = labels["process"]
 	fileLabel = labels["file"]
 	roFileLabel = labels["ro_file"]
 	if processLabel == "" || fileLabel == "" {
 		return "", fileLabel
 	}
 	if roFileLabel == "" {
 		roFileLabel = fileLabel
 	}
-exit:
+
 	return addMcs(processLabel, fileLabel)
 }
 func addMcs(processLabel, fileLabel string) (string, string) {
 	scon, _ := NewContext(processLabel)
 	if scon["level"] != "" {
 		mcs := uniqMcs(1024)
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@ -411,7 +411,7 @@ github.com/opencontainers/runtime-tools/generate
 github.com/opencontainers/runtime-tools/generate/seccomp
 github.com/opencontainers/runtime-tools/specerror
 github.com/opencontainers/runtime-tools/validate
-# github.com/opencontainers/selinux v1.4.0
+# github.com/opencontainers/selinux v1.5.0
 github.com/opencontainers/selinux/go-selinux
 github.com/opencontainers/selinux/go-selinux/label
 github.com/opencontainers/selinux/pkg/pwalk