github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Use new SELinux APIs

Browse Source 
This moves most of the API calls off of the `labels` package onto the root
selinux package.  This is the newer API for most selinux operations.

Signed-off-by: Michael Crosby <michael@thepasture.io>
This commit is contained in:
Michael Crosby
2020-05-26 15:18:46 -04:00
parent 24209b91bf
commit 72edf3016d
4 changed files with 8 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/server/sandbox_run_unix.go
View File

@@ -28,7 +28,7 @@ import (
"github.com/containerd/containerd/plugin"
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux/label"
selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors"
"golang.org/x/sys/unix"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
@@ -124,7 +124,7 @@ func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxC
}
defer func() {
if retErr != nil {
_ = label.ReleaseLabel(processLabel)
selinux.ReleaseLabel(processLabel)
}
}()