mirror of
https://github.com/containers/podman.git
synced 2025-06-23 02:18:13 +08:00
Merge pull request #7622 from hxtk/master
Fix for incorrect evaluation of error condition within libpod.LabelVolumePath.
@ -90,19 +90,23 @@ func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) {
|
||||
return final, nil
|
||||
}
|
||||
|
||||
var lvpRelabel = label.Relabel
|
||||
var lvpInitLabels = label.InitLabels
|
||||
var lvpReleaseLabel = label.ReleaseLabel
|
||||
|
||||
// LabelVolumePath takes a mount path for a volume and gives it an
|
||||
// selinux label of either shared or not
|
||||
func LabelVolumePath(path string) error {
|
||||
_, mountLabel, err := label.InitLabels([]string{})
|
||||
_, mountLabel, err := lvpInitLabels([]string{})
|
||||
if err != nil {
|
||||
return errors.Wrapf(err, "error getting default mountlabels")
|
||||
}
|
||||
if err := label.ReleaseLabel(mountLabel); err != nil {
|
||||
if err := lvpReleaseLabel(mountLabel); err != nil {
|
||||
return errors.Wrapf(err, "error releasing label %q", mountLabel)
|
||||
}
|
||||
|
||||
if err := label.Relabel(path, mountLabel, true); err != nil {
|
||||
if err != syscall.ENOTSUP {
|
||||
if err := lvpRelabel(path, mountLabel, true); err != nil {
|
||||
if err == syscall.ENOTSUP {
|
||||
logrus.Debugf("Labeling not supported on %q", path)
|
||||
} else {
|
||||
return errors.Wrapf(err, "error setting selinux label for %s to %q as shared", path, mountLabel)
|
||||
|
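Review bot: The corrected check `if err == syscall.ENOTSUP {` compares by identity, so it only matches when the relabel call returns the bare errno; if the label package wraps it (for example with path context), ENOTSUP would again surface as a hard failure. Consider `if errors.Is(err, syscall.ENOTSUP) {`, using the standard library's errors.Is or the equivalent from the errors package this file already uses for Wrapf (confirm that it provides Is). The three `lvp*` variables are mutable package-level state and deserve a comment such as `// lvpRelabel, lvpInitLabels and lvpReleaseLabel indirect the label package so tests can substitute them; never reassign them outside tests.` LabelVolumePath's closing lines fall outside the hunk.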
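--- /dev/null
+++ b/libpod/util_linux_test.go
@@ -0,0 +1,39 @@
+package libpod
+
+import (
+"syscall"
+"testing"
+
+"github.com/stretchr/testify/assert"
+)
+
+func TestLabelVolumePath(t *testing.T) {
+// Set up mocked SELinux functions for testing.
+oldRelabel := lvpRelabel
+oldInitLabels := lvpInitLabels
+oldReleaseLabel := lvpReleaseLabel
+defer func() {
+lvpRelabel = oldRelabel
+lvpInitLabels = oldInitLabels
+lvpReleaseLabel = oldReleaseLabel
+}()
+
+// Relabel returns ENOTSUP unconditionally.
+lvpRelabel = func(path string, fileLabel string, shared bool) error {
+return syscall.ENOTSUP
+}
+
+// InitLabels and ReleaseLabel both return dummy values and nil errors.
+lvpInitLabels = func(options []string) (string, string, error) {
+pLabel := "system_u:system_r:container_t:s0:c1,c2"
+mLabel := "system_u:object_r:container_file_t:s0:c1,c2"
+return pLabel, mLabel, nil
+}
+lvpReleaseLabel = func(label string) error {
+return nil
+}
+
+// LabelVolumePath should not return an error if the operation is unsupported.
+err := LabelVolumePath("/foo/bar")
+assert.NoError(t, err)
+}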
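Review bot: The test pins only the ENOTSUP branch; it never asserts that any other relabel failure is still returned, which is the half of the inverted condition that previously let real labeling errors be logged at debug level and dropped. Add a second case where the mocked `lvpRelabel` returns a different errno, e.g. `return syscall.EACCES`, followed by `assert.Error(t, err)`. Because the test reassigns package-level variables, it must not be combined with `t.Parallel()`; a short comment above the save/restore block saying so would help.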