scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-10-31 02:08:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

update opencontainers/selinux/go-selinux to v1.11.1

Browse Source 
Signed-off-by: bzsuni <bingzhe.sun@daocloud.io>
This commit is contained in:
bzsuni
2024-11-07 08:22:25 +00:00
parent 530278b1de
commit f2ff07fcfa
10 changed files with 57 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
go.mod
View File

@@ -49,7 +49,7 @@ require (
github.com/onsi/ginkgo/v2 v2.21.0
github.com/onsi/gomega v1.35.1
github.com/opencontainers/runc v1.2.1
github.com/opencontainers/selinux v1.11.0
github.com/opencontainers/selinux v1.11.1
github.com/pkg/errors v0.9.1
github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2
github.com/prometheus/client_golang v1.19.1

4
go.sum
View File

@@ -415,8 +415,8 @@ github.com/opencontainers/runc v1.2.1 h1:mQkmeFSUxqFaVmvIn1VQPeQIKpHFya5R07aJw0D
github.com/opencontainers/runc v1.2.1/go.mod h1:/PXzF0h531HTMsYQnmxXkBD7YaGShm/2zcRB79dksUc=
github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8=
github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
github.com/peterbourgon/diskv v2.0.1+incompatible h1:UBdAOUP5p4RWqPBg048CAvpKN+vxiaj6gdUUzhl4XmI=
github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=

5
vendor/github.com/opencontainers/selinux/go-selinux/label/label_linux.go generated vendored
View File

@@ -120,10 +120,7 @@ func Relabel(path string, fileLabel string, shared bool) error {
c["level"] = "s0"
fileLabel = c.Get()
}
if err := selinux.Chcon(path, fileLabel, true); err != nil {
return err
}
return nil
return selinux.Chcon(path, fileLabel, true)
}
// DisableSecOpt returns a security opt that can disable labeling

16
vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go generated vendored
View File

@@ -6,25 +6,25 @@ package label
// InitLabels returns the process label and file labels to be used within
// the container. A list of options can be passed into this function to alter
// the labels.
func InitLabels(options []string) (string, string, error) {
func InitLabels([]string) (string, string, error) {
return "", "", nil
}
// Deprecated: The GenLabels function is only to be used during the transition
// to the official API. Use InitLabels(strings.Fields(options)) instead.
func GenLabels(options string) (string, string, error) {
func GenLabels(string) (string, string, error) {
return "", "", nil
}
func SetFileLabel(path string, fileLabel string) error {
func SetFileLabel(string, string) error {
return nil
}
func SetFileCreateLabel(fileLabel string) error {
func SetFileCreateLabel(string) error {
return nil
}
func Relabel(path string, fileLabel string, shared bool) error {
func Relabel(string, string, bool) error {
return nil
}
@@ -35,16 +35,16 @@ func DisableSecOpt() []string {
}
// Validate checks that the label does not include unexpected options
func Validate(label string) error {
func Validate(string) error {
return nil
}
// RelabelNeeded checks whether the user requested a relabel
func RelabelNeeded(label string) bool {
func RelabelNeeded(string) bool {
return false
}
// IsShared checks that the label includes a "shared" mark
func IsShared(label string) bool {
func IsShared(string) bool {
return false
}

15
vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go generated vendored
View File

@@ -132,7 +132,7 @@ func verifySELinuxfsMount(mnt string) bool {
if err == nil {
break
}
if err == unix.EAGAIN || err == unix.EINTR { //nolint:errorlint // unix errors are bare
if err == unix.EAGAIN || err == unix.EINTR {
continue
}
return false
@@ -263,7 +263,7 @@ func isProcHandle(fh *os.File) error {
if err == nil {
break
}
if err != unix.EINTR { //nolint:errorlint // unix errors are bare
if err != unix.EINTR {
return &os.PathError{Op: "fstatfs", Path: fh.Name(), Err: err}
}
}
@@ -328,8 +328,8 @@ func lSetFileLabel(fpath string, label string) error {
if err == nil {
break
}
if err != unix.EINTR { //nolint:errorlint // unix errors are bare
return &os.PathError{Op: "lsetxattr", Path: fpath, Err: err}
if err != unix.EINTR {
return &os.PathError{Op: fmt.Sprintf("lsetxattr(label=%s)", label), Path: fpath, Err: err}
}
}
@@ -347,8 +347,8 @@ func setFileLabel(fpath string, label string) error {
if err == nil {
break
}
if err != unix.EINTR { //nolint:errorlint // unix errors are bare
return &os.PathError{Op: "setxattr", Path: fpath, Err: err}
if err != unix.EINTR {
return &os.PathError{Op: fmt.Sprintf("setxattr(label=%s)", label), Path: fpath, Err: err}
}
}
@@ -639,6 +639,7 @@ func (m mlsRange) String() string {
return low + "-" + high
}
// TODO: remove min and max once Go < 1.21 is not supported.
func max(a, b uint) uint {
if a > b {
return a
@@ -1134,7 +1135,7 @@ func rchcon(fpath, label string) error { //revive:disable:cognitive-complexity
}
return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error {
if fastMode {
if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label {
if cLabel, err := lFileLabel(p); err == nil && cLabel == label {
return nil
}
}

46
vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go generated vendored
View File

@@ -7,7 +7,7 @@ func attrPath(string) string {
return ""
}
func readCon(fpath string) (string, error) {
func readCon(string) (string, error) {
return "", nil
}
@@ -21,27 +21,27 @@ func getEnabled() bool {
return false
}
func classIndex(class string) (int, error) {
func classIndex(string) (int, error) {
return -1, nil
}
func setFileLabel(fpath string, label string) error {
func setFileLabel(string, string) error {
return nil
}
func lSetFileLabel(fpath string, label string) error {
func lSetFileLabel(string, string) error {
return nil
}
func fileLabel(fpath string) (string, error) {
func fileLabel(string) (string, error) {
return "", nil
}
func lFileLabel(fpath string) (string, error) {
func lFileLabel(string) (string, error) {
return "", nil
}
func setFSCreateLabel(label string) error {
func setFSCreateLabel(string) error {
return nil
}
@@ -53,7 +53,7 @@ func currentLabel() (string, error) {
return "", nil
}
func pidLabel(pid int) (string, error) {
func pidLabel(int) (string, error) {
return "", nil
}
@@ -61,23 +61,23 @@ func execLabel() (string, error) {
return "", nil
}
func canonicalizeContext(val string) (string, error) {
func canonicalizeContext(string) (string, error) {
return "", nil
}
func computeCreateContext(source string, target string, class string) (string, error) {
func computeCreateContext(string, string, string) (string, error) {
return "", nil
}
func calculateGlbLub(sourceRange, targetRange string) (string, error) {
func calculateGlbLub(string, string) (string, error) {
return "", nil
}
func peerLabel(fd uintptr) (string, error) {
func peerLabel(uintptr) (string, error) {
return "", nil
}
func setKeyLabel(label string) error {
func setKeyLabel(string) error {
return nil
}
@@ -85,14 +85,14 @@ func (c Context) get() string {
return ""
}
func newContext(label string) (Context, error) {
func newContext(string) (Context, error) {
return Context{}, nil
}
func clearLabels() {
}
func reserveLabel(label string) {
func reserveLabel(string) {
}
func isMLSEnabled() bool {
@@ -103,7 +103,7 @@ func enforceMode() int {
return Disabled
}
func setEnforceMode(mode int) error {
func setEnforceMode(int) error {
return nil
}
@@ -111,7 +111,7 @@ func defaultEnforceMode() int {
return Disabled
}
func releaseLabel(label string) {
func releaseLabel(string) {
}
func roFileLabel() string {
@@ -126,27 +126,27 @@ func initContainerLabels() (string, string) {
return "", ""
}
func containerLabels() (processLabel string, fileLabel string) {
func containerLabels() (string, string) {
return "", ""
}
func securityCheckContext(val string) error {
func securityCheckContext(string) error {
return nil
}
func copyLevel(src, dest string) (string, error) {
func copyLevel(string, string) (string, error) {
return "", nil
}
func chcon(fpath string, label string, recurse bool) error {
func chcon(string, string, bool) error {
return nil
}
func dupSecOpt(src string) ([]string, error) {
func dupSecOpt(string) ([]string, error) {
return nil, nil
}
func getDefaultContextWithLevel(user, level, scon string) (string, error) {
func getDefaultContextWithLevel(string, string, string) (string, error) {
return "", nil
}

4
vendor/github.com/opencontainers/selinux/go-selinux/xattrs_linux.go generated vendored
View File

@@ -31,7 +31,7 @@ func lgetxattr(path, attr string) ([]byte, error) {
func doLgetxattr(path, attr string, dest []byte) (int, error) {
for {
sz, err := unix.Lgetxattr(path, attr, dest)
if err != unix.EINTR { //nolint:errorlint // unix errors are bare
if err != unix.EINTR {
return sz, err
}
}
@@ -64,7 +64,7 @@ func getxattr(path, attr string) ([]byte, error) {
func dogetxattr(path, attr string, dest []byte) (int, error) {
for {
sz, err := unix.Getxattr(path, attr, dest)
if err != unix.EINTR { //nolint:errorlint // unix errors are bare
if err != unix.EINTR {
return sz, err
}
}

6
vendor/github.com/opencontainers/selinux/pkg/pwalkdir/README.md generated vendored
View File

@@ -28,7 +28,9 @@ Please note the following limitations of this code:
* fs.SkipDir is not supported;
* no errors are ever passed to WalkDirFunc;
* ErrNotExist errors from filepath.WalkDir are silently ignored for any path
except the top directory (WalkDir argument); any other error is returned to
the caller of WalkDir;
* once any error is returned from any walkDirFunc instance, no more calls
to WalkDirFunc are made, and the error is returned to the caller of WalkDir;
@@ -51,4 +53,4 @@ filepath.WalkDir.
Otherwise (if a WalkDirFunc is actually doing something) this is usually
faster, except when the WalkDirN(..., 1) is used. Run `go test -bench .`
to see how different operations can benefit from it, as well as how the
level of paralellism affects the speed.
level of parallelism affects the speed.

7
vendor/github.com/opencontainers/selinux/pkg/pwalkdir/pwalkdir.go generated vendored
View File

@@ -4,6 +4,7 @@
package pwalkdir
import (
"errors"
"fmt"
"io/fs"
"path/filepath"
@@ -60,6 +61,12 @@ func WalkN(root string, walkFn fs.WalkDirFunc, num int) error {
go func() {
err = filepath.WalkDir(root, func(p string, entry fs.DirEntry, err error) error {
if err != nil {
// Walking a file tree can race with removal,
// so ignore ENOENT, except for root.
// https://github.com/opencontainers/selinux/issues/199.
if errors.Is(err, fs.ErrNotExist) && len(p) != rootLen {
return nil
}
close(files)
return err
}

2
vendor/modules.txt vendored
View File

@@ -480,7 +480,7 @@ github.com/opencontainers/runc/libcontainer/utils
# github.com/opencontainers/runtime-spec v1.2.0
## explicit
github.com/opencontainers/runtime-spec/specs-go
# github.com/opencontainers/selinux v1.11.0
# github.com/opencontainers/selinux v1.11.1
## explicit; go 1.19
github.com/opencontainers/selinux/go-selinux
github.com/opencontainers/selinux/go-selinux/label