Merge pull request #10876 from containerd/dependabot/go_modules/github.com/opencontainers/selinux-1.11.1

build(deps): bump github.com/opencontainers/selinux from 1.11.0 to 1.11.1
This commit is contained in:
Derek McGowan 2024-10-22 13:08:17 +00:00 committed by GitHub
commit 6e85807366
GPG Key ID: B5690EEEBB952194
10 changed files with 57 additions and 50 deletions

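--- a/go.mod
+++ b/go.mod
@@ -54,7 +54,7 @@ require (
 github.com/opencontainers/image-spec v1.1.0
 github.com/opencontainers/runtime-spec v1.2.0
 github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626
-github.com/opencontainers/selinux v1.11.0
+github.com/opencontainers/selinux v1.11.1
 github.com/pelletier/go-toml/v2 v2.2.3
 github.com/prometheus/client_golang v1.20.4
 github.com/sirupsen/logrus v1.9.3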

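--- a/go.sum
+++ b/go.sum
@@ -1019,8 +1019,8 @@ github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/
 github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626 h1:DmNGcqH3WDbV5k8OJ+esPWbqUOX5rMLR2PMvziDMJi0=
 github.com/opencontainers/runtime-tools v0.9.1-0.20221107090550-2e043c6bd626/go.mod h1:BRHJJd0E+cx42OybVYSgUvZmU0B8P9gZuRXlZUP7TKI=
 github.com/opencontainers/selinux v1.9.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI=
-github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
-github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
+github.com/opencontainers/selinux v1.11.1 h1:nHFvthhM0qY8/m+vfhJylliSshm8G1jJ2jDMcgULaH8=
+github.com/opencontainers/selinux v1.11.1/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
 github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M=
 github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc=
 github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=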


@ -120,10 +120,7 @@ func Relabel(path string, fileLabel string, shared bool) error {
c["level"] = "s0" c["level"] = "s0"
fileLabel = c.Get() fileLabel = c.Get()
} }
if err := selinux.Chcon(path, fileLabel, true); err != nil { return selinux.Chcon(path, fileLabel, true)
return err
}
return nil
} }
// DisableSecOpt returns a security opt that can disable labeling // DisableSecOpt returns a security opt that can disable labeling


@ -6,25 +6,25 @@ package label
// InitLabels returns the process label and file labels to be used within // InitLabels returns the process label and file labels to be used within
// the container. A list of options can be passed into this function to alter // the container. A list of options can be passed into this function to alter
// the labels. // the labels.
func InitLabels(options []string) (string, string, error) { func InitLabels([]string) (string, string, error) {
return "", "", nil return "", "", nil
} }
// Deprecated: The GenLabels function is only to be used during the transition // Deprecated: The GenLabels function is only to be used during the transition
// to the official API. Use InitLabels(strings.Fields(options)) instead. // to the official API. Use InitLabels(strings.Fields(options)) instead.
func GenLabels(options string) (string, string, error) { func GenLabels(string) (string, string, error) {
return "", "", nil return "", "", nil
} }
func SetFileLabel(path string, fileLabel string) error { func SetFileLabel(string, string) error {
return nil return nil
} }
func SetFileCreateLabel(fileLabel string) error { func SetFileCreateLabel(string) error {
return nil return nil
} }
func Relabel(path string, fileLabel string, shared bool) error { func Relabel(string, string, bool) error {
return nil return nil
} }
@ -35,16 +35,16 @@ func DisableSecOpt() []string {
} }
// Validate checks that the label does not include unexpected options // Validate checks that the label does not include unexpected options
func Validate(label string) error { func Validate(string) error {
return nil return nil
} }
// RelabelNeeded checks whether the user requested a relabel // RelabelNeeded checks whether the user requested a relabel
func RelabelNeeded(label string) bool { func RelabelNeeded(string) bool {
return false return false
} }
// IsShared checks that the label includes a "shared" mark // IsShared checks that the label includes a "shared" mark
func IsShared(label string) bool { func IsShared(string) bool {
return false return false
} }


@ -132,7 +132,7 @@ func verifySELinuxfsMount(mnt string) bool {
if err == nil { if err == nil {
break break
} }
if err == unix.EAGAIN || err == unix.EINTR { //nolint:errorlint // unix errors are bare if err == unix.EAGAIN || err == unix.EINTR {
continue continue
} }
return false return false
@ -263,7 +263,7 @@ func isProcHandle(fh *os.File) error {
if err == nil { if err == nil {
break break
} }
if err != unix.EINTR { //nolint:errorlint // unix errors are bare if err != unix.EINTR {
return &os.PathError{Op: "fstatfs", Path: fh.Name(), Err: err} return &os.PathError{Op: "fstatfs", Path: fh.Name(), Err: err}
} }
} }
@ -328,8 +328,8 @@ func lSetFileLabel(fpath string, label string) error {
if err == nil { if err == nil {
break break
} }
if err != unix.EINTR { //nolint:errorlint // unix errors are bare if err != unix.EINTR {
return &os.PathError{Op: "lsetxattr", Path: fpath, Err: err} return &os.PathError{Op: fmt.Sprintf("lsetxattr(label=%s)", label), Path: fpath, Err: err}
} }
} }
@ -347,8 +347,8 @@ func setFileLabel(fpath string, label string) error {
if err == nil { if err == nil {
break break
} }
if err != unix.EINTR { //nolint:errorlint // unix errors are bare if err != unix.EINTR {
return &os.PathError{Op: "setxattr", Path: fpath, Err: err} return &os.PathError{Op: fmt.Sprintf("setxattr(label=%s)", label), Path: fpath, Err: err}
} }
} }
@ -639,6 +639,7 @@ func (m mlsRange) String() string {
return low + "-" + high return low + "-" + high
} }
// TODO: remove min and max once Go < 1.21 is not supported.
func max(a, b uint) uint { func max(a, b uint) uint {
if a > b { if a > b {
return a return a
@ -1134,7 +1135,7 @@ func rchcon(fpath, label string) error { //revive:disable:cognitive-complexity
} }
return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error { return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error {
if fastMode { if fastMode {
if cLabel, err := lFileLabel(fpath); err == nil && cLabel == label { if cLabel, err := lFileLabel(p); err == nil && cLabel == label {
return nil return nil
} }
} }


@ -7,7 +7,7 @@ func attrPath(string) string {
return "" return ""
} }
func readCon(fpath string) (string, error) { func readCon(string) (string, error) {
return "", nil return "", nil
} }
@ -21,27 +21,27 @@ func getEnabled() bool {
return false return false
} }
func classIndex(class string) (int, error) { func classIndex(string) (int, error) {
return -1, nil return -1, nil
} }
func setFileLabel(fpath string, label string) error { func setFileLabel(string, string) error {
return nil return nil
} }
func lSetFileLabel(fpath string, label string) error { func lSetFileLabel(string, string) error {
return nil return nil
} }
func fileLabel(fpath string) (string, error) { func fileLabel(string) (string, error) {
return "", nil return "", nil
} }
func lFileLabel(fpath string) (string, error) { func lFileLabel(string) (string, error) {
return "", nil return "", nil
} }
func setFSCreateLabel(label string) error { func setFSCreateLabel(string) error {
return nil return nil
} }
@ -53,7 +53,7 @@ func currentLabel() (string, error) {
return "", nil return "", nil
} }
func pidLabel(pid int) (string, error) { func pidLabel(int) (string, error) {
return "", nil return "", nil
} }
@ -61,23 +61,23 @@ func execLabel() (string, error) {
return "", nil return "", nil
} }
func canonicalizeContext(val string) (string, error) { func canonicalizeContext(string) (string, error) {
return "", nil return "", nil
} }
func computeCreateContext(source string, target string, class string) (string, error) { func computeCreateContext(string, string, string) (string, error) {
return "", nil return "", nil
} }
func calculateGlbLub(sourceRange, targetRange string) (string, error) { func calculateGlbLub(string, string) (string, error) {
return "", nil return "", nil
} }
func peerLabel(fd uintptr) (string, error) { func peerLabel(uintptr) (string, error) {
return "", nil return "", nil
} }
func setKeyLabel(label string) error { func setKeyLabel(string) error {
return nil return nil
} }
@ -85,14 +85,14 @@ func (c Context) get() string {
return "" return ""
} }
func newContext(label string) (Context, error) { func newContext(string) (Context, error) {
return Context{}, nil return Context{}, nil
} }
func clearLabels() { func clearLabels() {
} }
func reserveLabel(label string) { func reserveLabel(string) {
} }
func isMLSEnabled() bool { func isMLSEnabled() bool {
@ -103,7 +103,7 @@ func enforceMode() int {
return Disabled return Disabled
} }
func setEnforceMode(mode int) error { func setEnforceMode(int) error {
return nil return nil
} }
@ -111,7 +111,7 @@ func defaultEnforceMode() int {
return Disabled return Disabled
} }
func releaseLabel(label string) { func releaseLabel(string) {
} }
func roFileLabel() string { func roFileLabel() string {
@ -126,27 +126,27 @@ func initContainerLabels() (string, string) {
return "", "" return "", ""
} }
func containerLabels() (processLabel string, fileLabel string) { func containerLabels() (string, string) {
return "", "" return "", ""
} }
func securityCheckContext(val string) error { func securityCheckContext(string) error {
return nil return nil
} }
func copyLevel(src, dest string) (string, error) { func copyLevel(string, string) (string, error) {
return "", nil return "", nil
} }
func chcon(fpath string, label string, recurse bool) error { func chcon(string, string, bool) error {
return nil return nil
} }
func dupSecOpt(src string) ([]string, error) { func dupSecOpt(string) ([]string, error) {
return nil, nil return nil, nil
} }
func getDefaultContextWithLevel(user, level, scon string) (string, error) { func getDefaultContextWithLevel(string, string, string) (string, error) {
return "", nil return "", nil
} }


@ -31,7 +31,7 @@ func lgetxattr(path, attr string) ([]byte, error) {
func doLgetxattr(path, attr string, dest []byte) (int, error) { func doLgetxattr(path, attr string, dest []byte) (int, error) {
for { for {
sz, err := unix.Lgetxattr(path, attr, dest) sz, err := unix.Lgetxattr(path, attr, dest)
if err != unix.EINTR { //nolint:errorlint // unix errors are bare if err != unix.EINTR {
return sz, err return sz, err
} }
} }
@ -64,7 +64,7 @@ func getxattr(path, attr string) ([]byte, error) {
func dogetxattr(path, attr string, dest []byte) (int, error) { func dogetxattr(path, attr string, dest []byte) (int, error) {
for { for {
sz, err := unix.Getxattr(path, attr, dest) sz, err := unix.Getxattr(path, attr, dest)
if err != unix.EINTR { //nolint:errorlint // unix errors are bare if err != unix.EINTR {
return sz, err return sz, err
} }
} }


@ -28,7 +28,9 @@ Please note the following limitations of this code:
* fs.SkipDir is not supported; * fs.SkipDir is not supported;
* no errors are ever passed to WalkDirFunc; * ErrNotExist errors from filepath.WalkDir are silently ignored for any path
except the top directory (WalkDir argument); any other error is returned to
the caller of WalkDir;
* once any error is returned from any walkDirFunc instance, no more calls * once any error is returned from any walkDirFunc instance, no more calls
to WalkDirFunc are made, and the error is returned to the caller of WalkDir; to WalkDirFunc are made, and the error is returned to the caller of WalkDir;
@ -51,4 +53,4 @@ filepath.WalkDir.
Otherwise (if a WalkDirFunc is actually doing something) this is usually Otherwise (if a WalkDirFunc is actually doing something) this is usually
faster, except when the WalkDirN(..., 1) is used. Run `go test -bench .` faster, except when the WalkDirN(..., 1) is used. Run `go test -bench .`
to see how different operations can benefit from it, as well as how the to see how different operations can benefit from it, as well as how the
level of paralellism affects the speed. level of parallelism affects the speed.


@ -4,6 +4,7 @@
package pwalkdir package pwalkdir
import ( import (
"errors"
"fmt" "fmt"
"io/fs" "io/fs"
"path/filepath" "path/filepath"
@ -60,6 +61,12 @@ func WalkN(root string, walkFn fs.WalkDirFunc, num int) error {
go func() { go func() {
err = filepath.WalkDir(root, func(p string, entry fs.DirEntry, err error) error { err = filepath.WalkDir(root, func(p string, entry fs.DirEntry, err error) error {
if err != nil { if err != nil {
// Walking a file tree can race with removal,
// so ignore ENOENT, except for root.
// https://github.com/opencontainers/selinux/issues/199.
if errors.Is(err, fs.ErrNotExist) && len(p) != rootLen {
return nil
}
close(files) close(files)
return err return err
} }

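--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -407,7 +407,7 @@ github.com/opencontainers/runtime-spec/specs-go/features
 github.com/opencontainers/runtime-tools/generate
 github.com/opencontainers/runtime-tools/generate/seccomp
 github.com/opencontainers/runtime-tools/validate/capabilities
-# github.com/opencontainers/selinux v1.11.0
+# github.com/opencontainers/selinux v1.11.1
 ## explicit; go 1.19
 github.com/opencontainers/selinux/go-selinux
 github.com/opencontainers/selinux/go-selinux/label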