author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2020-01-28 10:41:41 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-01-28 10:41:41 -0800 |
commit | c2cde7de613198753ba53e4cde6dd157b883548c (patch) | |
tree | eba120cd3065daca3f307f62b78d8ffbb4f76e29 /vendor/github.com | |
parent | 3426c34b77c9da54af85331d615e2111e152c499 (diff) | |
parent | 12b379a623dee18417c0ac7ea49fcb87cffe72b3 (diff) | |
Merge pull request #4989 from containers/dependabot/go_modules/github.com/opencontainers/selinux-1.3.1
build(deps): bump github.com/opencontainers/selinux from 1.3.0 to 1.3.1
Diffstat (limited to 'vendor/github.com')
-rw-r--r-- | vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 2d4e9f890..9fcfd0867 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -7,7 +7,6 @@ import (
 "bytes"
 "crypto/rand"
 "encoding/binary"
- "errors"
 "fmt"
 "io"
 "io/ioutil"
@@ -18,6 +17,8 @@ import (
 "strings"
 "sync"
 "syscall"
+
+ "github.com/pkg/errors"
 "golang.org/x/sys/unix"
 )
@@ -253,6 +254,12 @@ func getSELinuxPolicyRoot() string {
 return filepath.Join(selinuxDir, readConfig(selinuxTypeTag))
 }
+func isProcHandle(fh *os.File) (bool, error) {
+ var buf unix.Statfs_t
+ err := unix.Fstatfs(int(fh.Fd()), &buf)
+ return buf.Type == unix.PROC_SUPER_MAGIC, err
+}
+
 func readCon(fpath string) (string, error) {
 if fpath == "" {
 return "", ErrEmptyPath
@@ -264,6 +271,12 @@ func readCon(fpath string) (string, error) {
 }
 defer in.Close()
+ if ok, err := isProcHandle(in); err != nil {
+ return "", err
+ } else if !ok {
+ return "", fmt.Errorf("%s not on procfs", fpath)
+ }
+
 var retval string
 if _, err := fmt.Fscanf(in, "%s", &retval); err != nil {
 return "", err
@@ -276,7 +289,10 @@ func SetFileLabel(fpath string, label string) error {
 if fpath == "" {
 return ErrEmptyPath
 }
- return lsetxattr(fpath, xattrNameSelinux, []byte(label), 0)
+ if err := lsetxattr(fpath, xattrNameSelinux, []byte(label), 0); err != nil {
+ return errors.Wrapf(err, "failed to set file label on %s", fpath)
+ }
+ return nil
 }
 // FileLabel returns the SELinux label for this path or returns an error.
@@ -346,12 +362,21 @@ func writeCon(fpath string, val string) error {
 }
 defer out.Close()
+ if ok, err := isProcHandle(out); err != nil {
+ return err
+ } else if !ok {
+ return fmt.Errorf("%s not on procfs", fpath)
+ }
+
 if val != "" {
 _, err = out.Write([]byte(val))
 } else {
 _, err = out.Write(nil)
 }
- return err
+ if err != nil {
+ return errors.Wrapf(err, "failed to set %s on procfs", fpath)
+ }
+ return nil
 }
 /*
@@ -394,7 +419,7 @@ func SetExecLabel(label string) error {
 }
 /*
-SetTaskLabel sets the SELinux label for the current thread, or an error.
+SetTaskLabel sets the SELinux label for the current thread, or an error.
 This requires the dyntransition permission.
 */
 func SetTaskLabel(label string) error { |