aboutsummaryrefslogtreecommitdiff
path: root/vendor
diff options
context:
space:
mode:
authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2020-01-28 10:41:41 -0800
committerGitHub <noreply@github.com>2020-01-28 10:41:41 -0800
commitc2cde7de613198753ba53e4cde6dd157b883548c (patch)
treeeba120cd3065daca3f307f62b78d8ffbb4f76e29 /vendor
parent3426c34b77c9da54af85331d615e2111e152c499 (diff)
parent12b379a623dee18417c0ac7ea49fcb87cffe72b3 (diff)
downloadpodman-c2cde7de613198753ba53e4cde6dd157b883548c.tar.gz
podman-c2cde7de613198753ba53e4cde6dd157b883548c.tar.bz2
podman-c2cde7de613198753ba53e4cde6dd157b883548c.zip
Merge pull request #4989 from containers/dependabot/go_modules/github.com/opencontainers/selinux-1.3.1
build(deps): bump github.com/opencontainers/selinux from 1.3.0 to 1.3.1
Diffstat (limited to 'vendor')
-rw-r--r--vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go33
-rw-r--r--vendor/modules.txt2
2 files changed, 30 insertions, 5 deletions
diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
index 2d4e9f890..9fcfd0867 100644
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
@@ -7,7 +7,6 @@ import (
"bytes"
"crypto/rand"
"encoding/binary"
- "errors"
"fmt"
"io"
"io/ioutil"
@@ -18,6 +17,8 @@ import (
"strings"
"sync"
"syscall"
+
+ "github.com/pkg/errors"
"golang.org/x/sys/unix"
)
@@ -253,6 +254,12 @@ func getSELinuxPolicyRoot() string {
return filepath.Join(selinuxDir, readConfig(selinuxTypeTag))
}
+func isProcHandle(fh *os.File) (bool, error) {
+ var buf unix.Statfs_t
+ err := unix.Fstatfs(int(fh.Fd()), &buf)
+ return buf.Type == unix.PROC_SUPER_MAGIC, err
+}
+
func readCon(fpath string) (string, error) {
if fpath == "" {
return "", ErrEmptyPath
@@ -264,6 +271,12 @@ func readCon(fpath string) (string, error) {
}
defer in.Close()
+ if ok, err := isProcHandle(in); err != nil {
+ return "", err
+ } else if !ok {
+ return "", fmt.Errorf("%s not on procfs", fpath)
+ }
+
var retval string
if _, err := fmt.Fscanf(in, "%s", &retval); err != nil {
return "", err
@@ -276,7 +289,10 @@ func SetFileLabel(fpath string, label string) error {
if fpath == "" {
return ErrEmptyPath
}
- return lsetxattr(fpath, xattrNameSelinux, []byte(label), 0)
+ if err := lsetxattr(fpath, xattrNameSelinux, []byte(label), 0); err != nil {
+ return errors.Wrapf(err, "failed to set file label on %s", fpath)
+ }
+ return nil
}
// FileLabel returns the SELinux label for this path or returns an error.
@@ -346,12 +362,21 @@ func writeCon(fpath string, val string) error {
}
defer out.Close()
+ if ok, err := isProcHandle(out); err != nil {
+ return err
+ } else if !ok {
+ return fmt.Errorf("%s not on procfs", fpath)
+ }
+
if val != "" {
_, err = out.Write([]byte(val))
} else {
_, err = out.Write(nil)
}
- return err
+ if err != nil {
+ return errors.Wrapf(err, "failed to set %s on procfs", fpath)
+ }
+ return nil
}
/*
@@ -394,7 +419,7 @@ func SetExecLabel(label string) error {
}
/*
-SetTaskLabel sets the SELinux label for the current thread, or an error.
+SetTaskLabel sets the SELinux label for the current thread, or an error.
This requires the dyntransition permission.
*/
func SetTaskLabel(label string) error {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index df323e0ff..4d96788a8 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -403,7 +403,7 @@ github.com/opencontainers/runtime-tools/generate
github.com/opencontainers/runtime-tools/generate/seccomp
github.com/opencontainers/runtime-tools/specerror
github.com/opencontainers/runtime-tools/validate
-# github.com/opencontainers/selinux v1.3.0
+# github.com/opencontainers/selinux v1.3.1
github.com/opencontainers/selinux/go-selinux
github.com/opencontainers/selinux/go-selinux/label
# github.com/openshift/api v0.0.0-20200106203948-7ab22a2c8316