summaryrefslogtreecommitdiff
path: root/vendor
diff options
context:
space:
mode:
authordependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>2020-05-26 08:56:35 +0000
committerDaniel J Walsh <dwalsh@redhat.com>2020-05-26 06:07:34 -0400
commita08f3a745a0b5e781734b50db4589e2e1c87b26c (patch)
tree6e2926cb286e1bce435013fb7ad659f61d3bd8ce /vendor
parent1077d2d0b72d027a01080c0d3ebdb7d99a969661 (diff)
downloadpodman-a08f3a745a0b5e781734b50db4589e2e1c87b26c.tar.gz
podman-a08f3a745a0b5e781734b50db4589e2e1c87b26c.tar.bz2
podman-a08f3a745a0b5e781734b50db4589e2e1c87b26c.zip
Bump github.com/opencontainers/selinux from 1.5.1 to 1.5.2
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.5.1 to 1.5.2. - [Release notes](https://github.com/opencontainers/selinux/releases) - [Commits](https://github.com/opencontainers/selinux/compare/v1.5.1...v1.5.2) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/label/label.go22
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go34
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go4
-rw-r--r--vendor/modules.txt2
4 files changed, 32 insertions, 30 deletions
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go
index 6e38d3d32..fea096c18 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label.go
@@ -1,6 +1,8 @@
package label
import (
+ "fmt"
+
"github.com/opencontainers/selinux/go-selinux"
)
@@ -46,7 +48,7 @@ var PidLabel = selinux.PidLabel
// Init initialises the labeling system
func Init() {
- selinux.GetEnabled()
+ _ = selinux.GetEnabled()
}
// ClearLabels will clear all reserved labels
@@ -75,3 +77,21 @@ func ReleaseLabel(label string) error {
// can be used to set duplicate labels on future container processes
// Deprecated: use selinux.DupSecOpt
var DupSecOpt = selinux.DupSecOpt
+
+// FormatMountLabel returns a string to be used by the mount command.
+// The format of this string will be used to alter the labeling of the mountpoint.
+// The string returned is suitable to be used as the options field of the mount command.
+// If you need to have additional mount point options, you can pass them in as
+// the first parameter. Second parameter is the label that you wish to apply
+// to all content in the mount point.
+func FormatMountLabel(src, mountLabel string) string {
+ if mountLabel != "" {
+ switch src {
+ case "":
+ src = fmt.Sprintf("context=%q", mountLabel)
+ default:
+ src = fmt.Sprintf("%s,context=%q", src, mountLabel)
+ }
+ }
+ return src
+}
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
index 903829958..779e2e3a8 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
@@ -3,7 +3,6 @@
package label
import (
- "fmt"
"os"
"os/user"
"strings"
@@ -43,7 +42,7 @@ func InitLabels(options []string) (plabel string, mlabel string, Err error) {
if err != nil {
return "", "", err
}
-
+ mcsLevel := pcon["level"]
mcon, err := selinux.NewContext(mountLabel)
if err != nil {
return "", "", err
@@ -62,16 +61,21 @@ func InitLabels(options []string) (plabel string, mlabel string, Err error) {
}
if con[0] == "filetype" {
mcon["type"] = con[1]
+ continue
}
pcon[con[0]] = con[1]
if con[0] == "level" || con[0] == "user" {
mcon[con[0]] = con[1]
}
}
- selinux.ReleaseLabel(processLabel)
- processLabel = pcon.Get()
- mountLabel = mcon.Get()
- selinux.ReserveLabel(processLabel)
+ if pcon.Get() != processLabel {
+ if pcon["level"] != mcsLevel {
+ selinux.ReleaseLabel(processLabel)
+ }
+ processLabel = pcon.Get()
+ mountLabel = mcon.Get()
+ selinux.ReserveLabel(processLabel)
+ }
}
return processLabel, mountLabel, nil
}
@@ -82,24 +86,6 @@ func GenLabels(options string) (string, string, error) {
return InitLabels(strings.Fields(options))
}
-// FormatMountLabel returns a string to be used by the mount command.
-// The format of this string will be used to alter the labeling of the mountpoint.
-// The string returned is suitable to be used as the options field of the mount command.
-// If you need to have additional mount point options, you can pass them in as
-// the first parameter. Second parameter is the label that you wish to apply
-// to all content in the mount point.
-func FormatMountLabel(src, mountLabel string) string {
- if mountLabel != "" {
- switch src {
- case "":
- src = fmt.Sprintf("context=%q", mountLabel)
- default:
- src = fmt.Sprintf("%s,context=%q", src, mountLabel)
- }
- }
- return src
-}
-
// SetFileLabel modifies the "path" label to the specified file label
func SetFileLabel(path string, fileLabel string) error {
if !selinux.GetEnabled() || fileLabel == "" {
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
index cda59d671..c2bdd35d7 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/label/label_stub.go
@@ -15,10 +15,6 @@ func GenLabels(options string) (string, string, error) {
return "", "", nil
}
-func FormatMountLabel(src string, mountLabel string) string {
- return src
-}
-
func SetFileLabel(path string, fileLabel string) error {
return nil
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 2bb46598f..b3c8b96ae 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -421,7 +421,7 @@ github.com/opencontainers/runtime-tools/generate
github.com/opencontainers/runtime-tools/generate/seccomp
github.com/opencontainers/runtime-tools/specerror
github.com/opencontainers/runtime-tools/validate
-# github.com/opencontainers/selinux v1.5.1
+# github.com/opencontainers/selinux v1.5.2
github.com/opencontainers/selinux/go-selinux
github.com/opencontainers/selinux/go-selinux/label
github.com/opencontainers/selinux/pkg/pwalk