diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-01-12 13:46:29 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-01-12 13:46:29 -0500 |
| commit | db52828621261e631f6db3c1bcf17aa10b46bd48 (patch) | |
| tree | 94688a647a85d9c479ccf49ec615492f9a52cd16 | |
| parent | b5c8cee932e046d6b5df08a8d237ca9d838228f6 (diff) | |
| parent | 020abbfeab3b3f3bc3b82edf1b9374b90d79ae91 (diff) | |
| download | podman-db52828621261e631f6db3c1bcf17aa10b46bd48.tar.gz podman-db52828621261e631f6db3c1bcf17aa10b46bd48.tar.bz2 podman-db52828621261e631f6db3c1bcf17aa10b46bd48.zip | |
Merge pull request #8946 from JAORMX/sec-errors
Expose security attribute errors with their own messages
| -rw-r--r-- | libpod/define/errors.go | 13 | ||||
| -rw-r--r-- | libpod/oci_util.go | 12 |
2 files changed, 25 insertions, 0 deletions
diff --git a/libpod/define/errors.go b/libpod/define/errors.go index b96d36429..568f8e88d 100644 --- a/libpod/define/errors.go +++ b/libpod/define/errors.go @@ -2,6 +2,7 @@ package define import ( "errors" + "fmt" ) var ( @@ -181,4 +182,16 @@ var ( // ErrNoNetwork indicates that a container has no net namespace, like network=none ErrNoNetwork = errors.New("container has no network namespace") + + // ErrSetSecurityAttribute indicates that a request to set a container's security attribute + // was not possible. + ErrSetSecurityAttribute = fmt.Errorf("%w: unable to assign security attribute", ErrOCIRuntime) + + // ErrGetSecurityAttribute indicates that a request to get a container's security attribute + // was not possible. + ErrGetSecurityAttribute = fmt.Errorf("%w: unable to get security attribute", ErrOCIRuntime) + + // ErrSecurityAttribute indicates that an error processing security attributes + // for the container + ErrSecurityAttribute = fmt.Errorf("%w: unable to process security attribute", ErrOCIRuntime) ) diff --git a/libpod/oci_util.go b/libpod/oci_util.go index 2ba85c4b3..d40cf13bd 100644 --- a/libpod/oci_util.go +++ b/libpod/oci_util.go @@ -126,5 +126,17 @@ func getOCIRuntimeError(runtimeMsg string) error { } return errors.Wrapf(define.ErrOCIRuntimeNotFound, "%s", strings.Trim(errStr, "\n")) } + if match := regexp.MustCompile("`/proc/[a-z0-9-].+/attr.*`").FindString(runtimeMsg); match != "" { + errStr := match + if includeFullOutput { + errStr = runtimeMsg + } + if strings.HasSuffix(match, "/exec`") { + return errors.Wrapf(define.ErrSetSecurityAttribute, "%s", strings.Trim(errStr, "\n")) + } else if strings.HasSuffix(match, "/current`") { + return errors.Wrapf(define.ErrGetSecurityAttribute, "%s", strings.Trim(errStr, "\n")) + } + return errors.Wrapf(define.ErrSecurityAttribute, "%s", strings.Trim(errStr, "\n")) + } return errors.Wrapf(define.ErrOCIRuntime, "%s", strings.Trim(runtimeMsg, "\n")) } |