Merge pull request #212 from miaoyq/related-selinux

Add build tags and Improve the test case of selinux
2017-09-21 21:07:53 -07:00 · 2017-09-21 21:07:53 -07:00 · 10df5f71a7
commit 10df5f71a7
parent b50f06bb5b 7096027d21
3 changed files with 23 additions and 13 deletions
--- a/10
+++ b/10
@ -24,7 +24,10 @@ VERSION := $(shell git describe --tags --dirty)
 # strip the first char of the tag if it's a `v`
 VERSION := $(VERSION:v%=%)
 TARBALL ?= cri-containerd-$(VERSION).tar.gz
-BUILD_TAGS:= -ldflags '-X $(PROJECT)/pkg/version.criContainerdVersion=$(VERSION)'
+ifdef BUILD_TAGS
+BUILD_TAGS := -tags $(BUILD_TAGS)
+endif
+GO_LDFLAGS := -ldflags '-X $(PROJECT)/pkg/version.criContainerdVersion=$(VERSION)'
 SOURCES := $(shell find . -name '*.go')

 all: binaries
@ -68,8 +71,7 @@ boiler:

 $(BUILD_DIR)/cri-containerd: $(SOURCES)
 	$(GO) build -o $@ \
-	   $(BUILD_TAGS) \
-	   $(GO_LDFLAGS) $(GO_GCFLAGS) \
+	   $(BUILD_TAGS) $(GO_LDFLAGS) $(GO_GCFLAGS) \
 	   $(PROJECT)/cmd/cri-containerd

 test:
@ -86,7 +88,7 @@ clean:

 binaries: $(BUILD_DIR)/cri-containerd

-static-binaries: GO_LDFLAGS=--ldflags '-extldflags "-fno-PIC -static"'
+static-binaries: GO_LDFLAGS += --ldflags '-extldflags "-fno-PIC -static"'
 static-binaries: $(BUILD_DIR)/cri-containerd

 install: binaries
--- a/pkg/server/helpers.go
+++ b/pkg/server/helpers.go
@ -376,11 +376,19 @@ func initSelinuxOpts(selinuxOpt *runtime.SELinuxOption) (string, string, error)
 		return "", "", nil
 	}

+	// Should ignored selinuxOpts if they are incomplete.
+	if selinuxOpt.GetUser() == "" ||
+		selinuxOpt.GetRole() == "" ||
+		selinuxOpt.GetType() == "" ||
+		selinuxOpt.GetLevel() == "" {
+		return "", "", nil
+	}
+
 	labelOpts := fmt.Sprintf("%s:%s:%s:%s",
 		selinuxOpt.GetUser(),
 		selinuxOpt.GetRole(),
-		selinuxOpt.GetRole(),
-		selinuxOpt.GetType())
+		selinuxOpt.GetType(),
+		selinuxOpt.GetLevel())
 	return label.InitLabels(selinux.DupSecOpt(labelOpts))
 }

--- a/pkg/server/helpers_selinux_test.go
+++ b/pkg/server/helpers_selinux_test.go
@ -36,22 +36,22 @@ func TestInitSelinuxOpts(t *testing.T) {
 		processLabel string
 		mountLabels  []string
 	}{
-		"testNullValue": {
+		"Should return empty strings for processLabel and mountLabel when selinuxOpt is nil": {
 			selinuxOpt:   nil,
 			processLabel: "",
 			mountLabels:  []string{"", ""},
 		},
-		"testEmptyString": {
+		"Should return empty strings for processLabel and mountLabel when selinuxOpt has been initialized partially": {
 			selinuxOpt: &runtime.SELinuxOption{
 				User:  "",
-				Role:  "",
+				Role:  "user_r",
 				Type:  "",
-				Level: "",
+				Level: "s0:c1,c2",
 			},
-			processLabel: ":::",
-			mountLabels:  []string{":object_r:container_file_t:", ":object_r:svirt_sandbox_file_t:"},
+			processLabel: "",
+			mountLabels:  []string{"", ""},
 		},
-		"testUser": {
+		"Should be resolved correctly when selinuxOpt has been initialized completely": {
 			selinuxOpt: &runtime.SELinuxOption{
 				User:  "user_u",
 				Role:  "user_r",