Support volume relabling for pods which specify an SELinux label
This commit is contained in:
Sami Wagiaalla
@@ -69,30 +69,10 @@ func (fake *fakeMountDetector) GetMountMedium(path string) (storageMedium, bool,
|
||||
return fake.medium, fake.isMount, nil
|
||||
}
|
||||
|
||||
type fakeChconRequest struct {
|
||||
dir string
|
||||
context string
|
||||
}
|
||||
|
||||
type fakeChconRunner struct {
|
||||
requests []fakeChconRequest
|
||||
}
|
||||
|
||||
func newFakeChconRunner() *fakeChconRunner {
|
||||
return &fakeChconRunner{}
|
||||
}
|
||||
|
||||
func (f *fakeChconRunner) SetContext(dir, context string) error {
|
||||
f.requests = append(f.requests, fakeChconRequest{dir, context})
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func TestPluginEmptyRootContext(t *testing.T) {
|
||||
doTestPlugin(t, pluginTestConfig{
|
||||
medium: api.StorageMediumDefault,
|
||||
rootContext: "",
|
||||
expectedChcons: 0,
|
||||
expectedSetupMounts: 0,
|
||||
expectedTeardownMounts: 0})
|
||||
}
|
||||
@@ -106,7 +86,6 @@ func TestPluginRootContextSet(t *testing.T) {
|
||||
medium: api.StorageMediumDefault,
|
||||
rootContext: "user:role:type:range",
|
||||
expectedSELinuxContext: "user:role:type:range",
|
||||
expectedChcons: 1,
|
||||
expectedSetupMounts: 0,
|
||||
expectedTeardownMounts: 0})
|
||||
}
|
||||
@@ -120,7 +99,6 @@ func TestPluginTmpfs(t *testing.T) {
|
||||
medium: api.StorageMediumMemory,
|
||||
rootContext: "user:role:type:range",
|
||||
expectedSELinuxContext: "user:role:type:range",
|
||||
expectedChcons: 1,
|
||||
expectedSetupMounts: 1,
|
||||
shouldBeMountedBeforeTeardown: true,
|
||||
expectedTeardownMounts: 1})
|
||||
@@ -132,7 +110,6 @@ type pluginTestConfig struct {
|
||||
SELinuxOptions *api.SELinuxOptions
|
||||
idempotent bool
|
||||
expectedSELinuxContext string
|
||||
expectedChcons int
|
||||
expectedSetupMounts int
|
||||
shouldBeMountedBeforeTeardown bool
|
||||
expectedTeardownMounts int
|
||||
@@ -160,7 +137,6 @@ func doTestPlugin(t *testing.T, config pluginTestConfig) {
|
||||
mounter = mount.FakeMounter{}
|
||||
mountDetector = fakeMountDetector{}
|
||||
pod = &api.Pod{ObjectMeta: api.ObjectMeta{UID: types.UID("poduid")}}
|
||||
fakeChconRnr = &fakeChconRunner{}
|
||||
)
|
||||
|
||||
// Set up the SELinux options on the pod
|
||||
@@ -194,8 +170,7 @@ func doTestPlugin(t *testing.T, config pluginTestConfig) {
|
||||
pod,
|
||||
&mounter,
|
||||
&mountDetector,
|
||||
volume.VolumeOptions{RootContext: config.rootContext},
|
||||
fakeChconRnr)
|
||||
volume.VolumeOptions{RootContext: config.rootContext})
|
||||
if err != nil {
|
||||
t.Errorf("Failed to make a new Builder: %v", err)
|
||||
}
|
||||
@@ -231,19 +206,6 @@ func doTestPlugin(t *testing.T, config pluginTestConfig) {
|
||||
t.Errorf("Volume directory was created unexpectedly")
|
||||
}
|
||||
|
||||
// Check the number of chcons during setup
|
||||
if e, a := config.expectedChcons, len(fakeChconRnr.requests); e != a {
|
||||
t.Errorf("Expected %v chcon calls, got %v", e, a)
|
||||
}
|
||||
if config.expectedChcons == 1 {
|
||||
if e, a := config.expectedSELinuxContext, fakeChconRnr.requests[0].context; e != a {
|
||||
t.Errorf("Unexpected chcon context argument; expected: %v, got: %v", e, a)
|
||||
}
|
||||
if e, a := volPath, fakeChconRnr.requests[0].dir; e != a {
|
||||
t.Errorf("Unexpected chcon path argument: expected: %v, got: %v", e, a)
|
||||
}
|
||||
}
|
||||
|
||||
// Check the number of mounts performed during setup
|
||||
if e, a := config.expectedSetupMounts, len(mounter.Log); e != a {
|
||||
t.Errorf("Expected %v mounter calls during setup, got %v", e, a)
|
||||
|
||||
Reference in New Issue
Block a user