author | dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com> | 2020-01-27 09:17:45 +0000 |
---|---|---|
committer | Valentin Rothberg <rothberg@redhat.com> | 2020-01-28 11:16:17 +0100 |
commit | 12b379a623dee18417c0ac7ea49fcb87cffe72b3 (patch) | |
tree | 93d4d730f1a330f30cf9a238e29859d739157b68 /vendor/github.com/opencontainers | |
parent | c28af15932d0d184f841e9d30103730c902c9ba7 (diff) | |
build(deps): bump github.com/opencontainers/selinux from 1.3.0 to 1.3.1
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.3.0 to 1.3.1.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](https://github.com/opencontainers/selinux/compare/1.3.0...v1.3.1)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Valentin Rothberg <rothberg@redhat.com>
Diffstat (limited to 'vendor/github.com/opencontainers')
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 2d4e9f890..9fcfd0867 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -7,7 +7,6 @@ import (
 "bytes"
 "crypto/rand"
 "encoding/binary"
- "errors"
 "fmt"
 "io"
 "io/ioutil"
@@ -18,6 +17,8 @@ import (
 "strings"
 "sync"
 "syscall"
+
+ "github.com/pkg/errors"
 "golang.org/x/sys/unix"
 )

@@ -253,6 +254,12 @@ func getSELinuxPolicyRoot() string {
 return filepath.Join(selinuxDir, readConfig(selinuxTypeTag))
 }

+func isProcHandle(fh *os.File) (bool, error) {
+ var buf unix.Statfs_t
+ err := unix.Fstatfs(int(fh.Fd()), &buf)
+ return buf.Type == unix.PROC_SUPER_MAGIC, err
+}
+
 func readCon(fpath string) (string, error) {
 if fpath == "" {
 return "", ErrEmptyPath
@@ -264,6 +271,12 @@ func readCon(fpath string) (string, error) {
 }
 defer in.Close()

+ if ok, err := isProcHandle(in); err != nil {
+ return "", err
+ } else if !ok {
+ return "", fmt.Errorf("%s not on procfs", fpath)
+ }
+
 var retval string
 if _, err := fmt.Fscanf(in, "%s", &retval); err != nil {
 return "", err
@@ -276,7 +289,10 @@ func SetFileLabel(fpath string, label string) error {
 if fpath == "" {
 return ErrEmptyPath
 }
- return lsetxattr(fpath, xattrNameSelinux, []byte(label), 0)
+ if err := lsetxattr(fpath, xattrNameSelinux, []byte(label), 0); err != nil {
+ return errors.Wrapf(err, "failed to set file label on %s", fpath)
+ }
+ return nil
 }

 // FileLabel returns the SELinux label for this path or returns an error.
@@ -346,12 +362,21 @@ func writeCon(fpath string, val string) error {
 }
 defer out.Close()

+ if ok, err := isProcHandle(out); err != nil {
+ return err
+ } else if !ok {
+ return fmt.Errorf("%s not on procfs", fpath)
+ }
+
 if val != "" {
 _, err = out.Write([]byte(val))
 } else {
 _, err = out.Write(nil)
 }
- return err
+ if err != nil {
+ return errors.Wrapf(err, "failed to set %s on procfs", fpath)
+ }
+ return nil
 }

 /*
@@ -394,7 +419,7 @@ func SetExecLabel(label string) error {
 }

 /*
-SetTaskLabel sets the SELinux label for the current thread, or an error.
+SetTaskLabel sets the SELinux label for the current thread, or an error. This requires the dyntransition permission.
 */
 func SetTaskLabel(label string) error { |