Merge pull request #1365 from hqhq/use_go_selinux

Use opencontainers/selinux package
opencontainers · Apr 15, 2017 · 13a8c5d · 13a8c5d
2 parents 7947d06 + 5e7b48f
commit 13a8c5d
Show file tree

Hide file tree

Showing 13 changed files with 411 additions and 313 deletions.
diff --git a/libcontainer/configs/validate/validator.go b/libcontainer/configs/validate/validator.go
@@ -7,7 +7,7 @@ import (
 	"strings"
 
 	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/selinux"
+	selinux "github.com/opencontainers/selinux/go-selinux"
 )
 
 type Validator interface {
@@ -92,7 +92,7 @@ func (v *ConfigValidator) security(config *configs.Config) error {
 		!config.Namespaces.Contains(configs.NEWNS) {
 		return fmt.Errorf("unable to restrict sys entries without a private MNT namespace")
 	}
-	if config.ProcessLabel != "" && !selinux.SelinuxEnabled() {
+	if config.ProcessLabel != "" && !selinux.GetEnabled() {
 		return fmt.Errorf("selinux label is specified in config, but selinux is disabled or not supported")
 	}
 

diff --git a/libcontainer/label/label_selinux_test.go b/libcontainer/label/label_selinux_test.go
diff --git a/libcontainer/rootfs_linux.go b/libcontainer/rootfs_linux.go
@@ -19,9 +19,9 @@ import (
 	"github.com/mrunalp/fileutils"
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/label"
 	"github.com/opencontainers/runc/libcontainer/system"
 	libcontainerUtils "github.com/opencontainers/runc/libcontainer/utils"
+	"github.com/opencontainers/selinux/go-selinux/label"
 )
 
 const defaultMountFlags = syscall.MS_NOEXEC | syscall.MS_NOSUID | syscall.MS_NODEV

diff --git a/libcontainer/selinux/selinux_test.go b/libcontainer/selinux/selinux_test.go
diff --git a/libcontainer/setns_init_linux.go b/libcontainer/setns_init_linux.go
@@ -8,9 +8,9 @@ import (
 
 	"github.com/opencontainers/runc/libcontainer/apparmor"
 	"github.com/opencontainers/runc/libcontainer/keys"
-	"github.com/opencontainers/runc/libcontainer/label"
 	"github.com/opencontainers/runc/libcontainer/seccomp"
 	"github.com/opencontainers/runc/libcontainer/system"
+	"github.com/opencontainers/selinux/go-selinux/label"
 )
 
 // linuxSetnsInit performs the container's initialization for running a new process

diff --git a/libcontainer/standard_init_linux.go b/libcontainer/standard_init_linux.go
@@ -11,9 +11,9 @@ import (
 	"github.com/opencontainers/runc/libcontainer/apparmor"
 	"github.com/opencontainers/runc/libcontainer/configs"
 	"github.com/opencontainers/runc/libcontainer/keys"
-	"github.com/opencontainers/runc/libcontainer/label"
 	"github.com/opencontainers/runc/libcontainer/seccomp"
 	"github.com/opencontainers/runc/libcontainer/system"
+	"github.com/opencontainers/selinux/go-selinux/label"
 )
 
 type linuxStandardInit struct {

diff --git a/vendor.conf b/vendor.conf
@@ -7,6 +7,7 @@ github.com/godbus/dbus c7fdd8b5cd55e87b4e1f4e372cdb1db61dd6c66f
 github.com/golang/protobuf/proto f7137ae6b19afbfd61a94b746fda3b3fe0491874
 github.com/mrunalp/fileutils ed869b029674c0e9ce4c0dfa781405c2d9946d08
 github.com/opencontainers/runtime-spec/specs-go 035da1dca3dfbb00d752eb58b0b158d6129f3776
+github.com/opencontainers/selinux ba1aefe8057f1d0cfb8e88d0ec1dc85925ef987d
 github.com/seccomp/libseccomp-golang 32f571b70023028bd57d9288c20efbcb237f3ce0
 github.com/syndtr/gocapability/capability e7cb7fa329f456b3855136a2642b197bad7366ba
 github.com/urfave/cli d53eb991652b1d438abdd34ce4bfa3ef1539108e