Merge pull request #144 from runcom/vendor-runc-label-selinux

vendor opencontainers/runc 3abefdff18bc201199c5dfd0e91e941cb4c61376
Mrunal Patel 2016-10-14 08:31:34 -07:00 committed by GitHub
commit 0898f1cb61
4 changed files with 18 additions and 30 deletions


@ -72,7 +72,7 @@ clone git github.com/golang/protobuf 3c84672111d91bb5ac31719e112f9f7126a0e26e
clone git github.com/golang/glog 44145f04b68cf362d9c4df2182967c2275eaefed clone git github.com/golang/glog 44145f04b68cf362d9c4df2182967c2275eaefed
clone git github.com/gorilla/mux v1.1 clone git github.com/gorilla/mux v1.1
clone git github.com/imdario/mergo 6633656539c1639d9d78127b7d47c622b5d7b6dc clone git github.com/imdario/mergo 6633656539c1639d9d78127b7d47c622b5d7b6dc
clone git github.com/opencontainers/runc cc29e3dded8e27ba8f65738f40d251c885030a28 clone git github.com/opencontainers/runc 3abefdff18bc201199c5dfd0e91e941cb4c61376
clone git github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852 clone git github.com/syndtr/gocapability 2c00daeb6c3b45114c80ac44119e7b8801fdd852
clone git github.com/gogo/protobuf 43a2e0b1c32252bfbbdf81f7faa7a88fb3fa4028 clone git github.com/gogo/protobuf 43a2e0b1c32252bfbbdf81f7faa7a88fb3fa4028
clone git github.com/gorilla/context v1.1 clone git github.com/gorilla/context v1.1


@ -33,15 +33,19 @@ func InitLabels(options []string) (string, string, error) {
pcon := selinux.NewContext(processLabel) pcon := selinux.NewContext(processLabel)
mcon := selinux.NewContext(mountLabel) mcon := selinux.NewContext(mountLabel)
for _, opt := range options { for _, opt := range options {
if opt == "disable" { val := strings.SplitN(opt, "=", 2)
if val[0] != "label" {
continue
}
if len(val) < 2 {
return "", "", fmt.Errorf("bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt)
}
if val[1] == "disable" {
return "", "", nil return "", "", nil
} }
if i := strings.Index(opt, ":"); i == -1 { con := strings.SplitN(val[1], ":", 2)
return "", "", fmt.Errorf("Bad label option %q, valid options 'disable' or \n'user, role, level, type' followed by ':' and a value", opt) if len(con) < 2 || !validOptions[con[0]] {
} return "", "", fmt.Errorf("bad label option %q, valid options 'disable, user, role, level, type'", con[0])
con := strings.SplitN(opt, ":", 2)
if !validOptions[con[0]] {
return "", "", fmt.Errorf("Bad label option %q, valid options 'disable, user, role, level, type'", con[0])
} }
pcon[con[0]] = con[1] pcon[con[0]] = con[1]
@ -129,7 +133,7 @@ func Relabel(path string, fileLabel string, shared bool) error {
exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true} exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true}
if exclude_paths[path] { if exclude_paths[path] {
return fmt.Errorf("Relabeling of %s is not allowed", path) return fmt.Errorf("SELinux relabeling of %s is not allowed", path)
} }
if shared { if shared {
@ -137,7 +141,10 @@ func Relabel(path string, fileLabel string, shared bool) error {
c["level"] = "s0" c["level"] = "s0"
fileLabel = c.Get() fileLabel = c.Get()
} }
return selinux.Chcon(path, fileLabel, true) if err := selinux.Chcon(path, fileLabel, true); err != nil {
return fmt.Errorf("SELinux relabeling of %s is not allowed: %q", path, err)
}
return nil
} }
// GetPidLabel will return the label of the process running with the specified pid // GetPidLabel will return the label of the process running with the specified pid
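Review bot: In the InitLabels hunk, the new `if val[0] != "label" { continue }` silently skips every option not written as `label=...`, so a caller still passing the old bare forms gets no error: a bare `disable` no longer returns empty labels, and a bare `level:...` is dropped in favour of whatever `processLabel` and `mountLabel` already held. None of the four files in this commit appears to touch a caller, so every InitLabels call site in this repository should be checked for the `label=` prefix; that cannot be confirmed from the lines shown. Because this looks like vendored code, the fix belongs upstream, as a doc comment on InitLabels such as `// InitLabels only acts on options of the form "label=disable" or "label=<user|role|level|type>:<value>"; all other entries are ignored.` The function starts before and continues past this hunk. In the later Relabel hunk, every `selinux.Chcon` failure is reported as "is not allowed", which may mislead triage when the cause is something else, such as a missing path; neutral wording like `fmt.Errorf("SELinux relabeling of %s failed: %v", path, err)` would be more accurate.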


@ -8,7 +8,7 @@ import (
// Setuid sets the uid of the calling thread to the specified uid. // Setuid sets the uid of the calling thread to the specified uid.
func Setuid(uid int) (err error) { func Setuid(uid int) (err error) {
_, _, e1 := syscall.RawSyscall(syscall.SYS_SETUID, uintptr(uid), 0, 0) _, _, e1 := syscall.RawSyscall(syscall.SYS_SETUID32, uintptr(uid), 0, 0)
if e1 != 0 { if e1 != 0 {
err = e1 err = e1
} }


@ -4,28 +4,9 @@ package system
/* /*
#include <unistd.h> #include <unistd.h>
#include <limits.h>
int GetLongBit() {
#ifdef _SC_LONG_BIT
int longbits;
longbits = sysconf(_SC_LONG_BIT);
if (longbits < 0) {
longbits = (CHAR_BIT * sizeof(long));
}
return longbits;
#else
return (CHAR_BIT * sizeof(long));
#endif
}
*/ */
import "C" import "C"
func GetClockTicks() int { func GetClockTicks() int {
return int(C.sysconf(C._SC_CLK_TCK)) return int(C.sysconf(C._SC_CLK_TCK))
} }
func GetLongBit() int {
return int(C.GetLongBit())
}