opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-07-29 19:33:13 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7622 from hxtk/master

Browse Source 
Fix for incorrect evaluation of error condition within libpod.LabelVolumePath.
This commit is contained in:
OpenShift Merge Robot
2020-10-02 06:36:53 -04:00
committed by GitHub
parent f372f4bea3 c8f9117cef
commit 51851e10ba
2 changed files with 47 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
libpod/util_linux.go
View File

@ -90,19 +90,23 @@ func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) {
return final, nil return final, nil
} }
var lvpRelabel = label.Relabel
var lvpInitLabels = label.InitLabels
var lvpReleaseLabel = label.ReleaseLabel
// LabelVolumePath takes a mount path for a volume and gives it an // LabelVolumePath takes a mount path for a volume and gives it an
// selinux label of either shared or not // selinux label of either shared or not
func LabelVolumePath(path string) error { func LabelVolumePath(path string) error {
_, mountLabel, err := label.InitLabels([]string{}) _, mountLabel, err := lvpInitLabels([]string{})
if err != nil { if err != nil {
return errors.Wrapf(err, "error getting default mountlabels") return errors.Wrapf(err, "error getting default mountlabels")
} }
if err := label.ReleaseLabel(mountLabel); err != nil { if err := lvpReleaseLabel(mountLabel); err != nil {
return errors.Wrapf(err, "error releasing label %q", mountLabel) return errors.Wrapf(err, "error releasing label %q", mountLabel)
} }
if err := label.Relabel(path, mountLabel, true); err != nil { if err := lvpRelabel(path, mountLabel, true); err != nil {
if err != syscall.ENOTSUP { if err == syscall.ENOTSUP {
logrus.Debugf("Labeling not supported on %q", path) logrus.Debugf("Labeling not supported on %q", path)
} else { } else {
return errors.Wrapf(err, "error setting selinux label for %s to %q as shared", path, mountLabel) return errors.Wrapf(err, "error setting selinux label for %s to %q as shared", path, mountLabel)

39
libpod/util_linux_test.go Normal file
View File

@ -0,0 +1,39 @@
package libpod
import (
"syscall"
"testing"
"github.com/stretchr/testify/assert"
)
func TestLabelVolumePath(t *testing.T) {
// Set up mocked SELinux functions for testing.
oldRelabel := lvpRelabel
oldInitLabels := lvpInitLabels
oldReleaseLabel := lvpReleaseLabel
defer func() {
lvpRelabel = oldRelabel
lvpInitLabels = oldInitLabels
lvpReleaseLabel = oldReleaseLabel
}()
// Relabel returns ENOTSUP unconditionally.
lvpRelabel = func(path string, fileLabel string, shared bool) error {
return syscall.ENOTSUP
}
// InitLabels and ReleaseLabel both return dummy values and nil errors.
lvpInitLabels = func(options []string) (string, string, error) {
pLabel := "system_u:system_r:container_t:s0:c1,c2"
mLabel := "system_u:object_r:container_file_t:s0:c1,c2"
return pLabel, mLabel, nil
}
lvpReleaseLabel = func(label string) error {
return nil
}
// LabelVolumePath should not return an error if the operation is unsupported.
err := LabelVolumePath("/foo/bar")
assert.NoError(t, err)
}