Bump CRI for 1.4x release
includes selinux bump. Signed-off-by: Michael Crosby <michael@thepasture.io>
This commit is contained in:
Michael Crosby
2
vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
generated
vendored
2
vendor/github.com/opencontainers/selinux/go-selinux/label/label_selinux.go
generated
vendored
@@ -73,9 +73,9 @@ func InitLabels(options []string) (plabel string, mlabel string, Err error) {
|
||||
selinux.ReleaseLabel(processLabel)
|
||||
}
|
||||
processLabel = pcon.Get()
|
||||
mountLabel = mcon.Get()
|
||||
selinux.ReserveLabel(processLabel)
|
||||
}
|
||||
mountLabel = mcon.Get()
|
||||
}
|
||||
return processLabel, mountLabel, nil
|
||||
}
|
||||
|
||||
8
vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
generated
vendored
8
vendor/github.com/opencontainers/selinux/go-selinux/selinux_linux.go
generated
vendored
@@ -31,6 +31,9 @@ const (
|
||||
// Disabled constant to indicate SELinux is disabled
|
||||
Disabled = -1
|
||||
|
||||
// DefaultCategoryRange is the upper bound on the category range
|
||||
DefaultCategoryRange = uint32(1024)
|
||||
|
||||
contextFile = "/usr/share/containers/selinux/contexts"
|
||||
selinuxDir = "/etc/selinux/"
|
||||
selinuxConfig = selinuxDir + "config"
|
||||
@@ -57,6 +60,9 @@ var (
|
||||
// InvalidLabel is returned when an invalid label is specified.
|
||||
InvalidLabel = errors.New("Invalid Label")
|
||||
|
||||
// CategoryRange allows the upper bound on the category range to be adjusted
|
||||
CategoryRange = DefaultCategoryRange
|
||||
|
||||
assignRegex = regexp.MustCompile(`^([^=]+)=(.*)$`)
|
||||
roFileLabel string
|
||||
state = selinuxState{
|
||||
@@ -790,7 +796,7 @@ func ContainerLabels() (processLabel string, fileLabel string) {
|
||||
func addMcs(processLabel, fileLabel string) (string, string) {
|
||||
scon, _ := NewContext(processLabel)
|
||||
if scon["level"] != "" {
|
||||
mcs := uniqMcs(1024)
|
||||
mcs := uniqMcs(CategoryRange)
|
||||
scon["level"] = mcs
|
||||
processLabel = scon.Get()
|
||||
scon, _ = NewContext(fileLabel)
|
||||
|
||||
4
vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
generated
vendored
4
vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
generated
vendored
@@ -13,6 +13,8 @@ const (
|
||||
Permissive = 0
|
||||
// Disabled constant to indicate SELinux is disabled
|
||||
Disabled = -1
|
||||
// DefaultCategoryRange is the upper bound on the category range
|
||||
DefaultCategoryRange = uint32(1024)
|
||||
)
|
||||
|
||||
var (
|
||||
@@ -20,6 +22,8 @@ var (
|
||||
ErrMCSAlreadyExists = errors.New("MCS label already exists")
|
||||
// ErrEmptyPath is returned when an empty path has been specified.
|
||||
ErrEmptyPath = errors.New("empty path")
|
||||
// CategoryRange allows the upper bound on the category range to be adjusted
|
||||
CategoryRange = DefaultCategoryRange
|
||||
)
|
||||
|
||||
// Context is a representation of the SELinux label broken into 4 parts
|
||||
|
||||
Reference in New Issue
Block a user