Merge pull request #1102 from rhatdan/vendor

Moving selinux reservations into container storage.

buildah.go

@@ -224,6 +224,7 @@ func GetBuildInfo(b *Builder) BuilderInfo {
 		ContainerID:           b.ContainerID,
 		MountPoint:            b.MountPoint,
 		ProcessLabel:          b.ProcessLabel,
+		MountLabel:            b.MountLabel,
 		ImageAnnotations:      b.ImageAnnotations,
 		ImageCreatedBy:        b.ImageCreatedBy,
 		OCIv1:                 b.OCIv1,

delete.go

@@ -1,7 +1,6 @@
 package buildah
 
 import (
-	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/pkg/errors"
 )
 
@@ -14,5 +13,5 @@ func (b *Builder) Delete() error {
 	b.MountPoint = ""
 	b.Container = ""
 	b.ContainerID = ""
-	return label.ReleaseLabel(b.ProcessLabel)
+	return nil
 }

new.go

@@ -3,6 +3,7 @@ package buildah
 import (
 	"context"
 	"fmt"
+	"math/rand"
 	"strings"
 
 	"github.com/containers/buildah/util"
@@ -12,7 +13,6 @@ import (
 	"github.com/containers/image/transports/alltransports"
 	"github.com/containers/image/types"
 	"github.com/containers/storage"
-	"github.com/opencontainers/selinux/go-selinux/label"
 	"github.com/openshift/imagebuilder"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
@@ -227,6 +227,27 @@ func resolveImage(ctx context.Context, systemContext *types.SystemContext, store
 	}
 }
 
+func containerNameExist(name string, containers []storage.Container) bool {
+	for _, container := range containers {
+		for _, cname := range container.Names {
+			if cname == name {
+				return true
+			}
+		}
+	}
+	return false
+}
+
+func findUnusedContainer(name string, containers []storage.Container) string {
+	suffix := 1
+	tmpName := name
+	for containerNameExist(tmpName, containers) {
+		tmpName = fmt.Sprintf("%s-%d", name, suffix)
+		suffix++
+	}
+	return tmpName
+}
+
 func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions) (*Builder, error) {
 	var ref types.ImageReference
 	var img *storage.Image
@@ -272,23 +293,33 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
 			name = imageNamePrefix(image) + "-" + name
 		}
 	}
+	var container *storage.Container
+	tmpName := name
+	if options.Container == "" {
+		containers, err := store.Containers()
+		if err != nil {
+			return nil, errors.Wrapf(err, "unable to check for container names")
+		}
+		tmpName = findUnusedContainer(tmpName, containers)
+	}
 
-	coptions := storage.ContainerOptions{}
-	coptions.IDMappingOptions = newContainerIDMappingOptions(options.IDMappingOptions)
-
-	container, err := store.CreateContainer("", []string{name}, imageID, "", "", &coptions)
-	suffix := 1
-	for err != nil && errors.Cause(err) == storage.ErrDuplicateName && options.Container == "" {
-		suffix++
-		tmpName := fmt.Sprintf("%s-%d", name, suffix)
-		if container, err = store.CreateContainer("", []string{tmpName}, imageID, "", "", &coptions); err == nil {
+	conflict := 100
+	for true {
+		coptions := storage.ContainerOptions{
+			LabelOpts:        options.CommonBuildOpts.LabelOpts,
+			IDMappingOptions: newContainerIDMappingOptions(options.IDMappingOptions),
+		}
+		container, err = store.CreateContainer("", []string{tmpName}, imageID, "", "", &coptions)
+		if err == nil {
 			name = tmpName
+			break
 		}
+		if errors.Cause(err) != storage.ErrDuplicateName || options.Container != "" {
+			return nil, errors.Wrapf(err, "error creating container")
+		}
+		tmpName = fmt.Sprintf("%s-%d", name, rand.Int()%conflict)
+		conflict = conflict * 10
 	}
-	if err != nil {
-		return nil, errors.Wrapf(err, "error creating container")
-	}
-
 	defer func() {
 		if err != nil {
 			if err2 := store.DeleteContainer(container.ID); err2 != nil {
@@ -297,13 +328,6 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
 		}
 	}()
 
-	if err = ReserveSELinuxLabels(store, container.ID); err != nil {
-		return nil, err
-	}
-	processLabel, mountLabel, err := label.InitLabels(options.CommonBuildOpts.LabelOpts)
-	if err != nil {
-		return nil, err
-	}
 	uidmap, gidmap := convertStorageIDMaps(container.UIDMap, container.GIDMap)
 
 	defaultNamespaceOptions, err := DefaultNamespaceOptions()
@@ -323,8 +347,8 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
 		ContainerID:           container.ID,
 		ImageAnnotations:      map[string]string{},
 		ImageCreatedBy:        "",
-		ProcessLabel:          processLabel,
-		MountLabel:            mountLabel,
+		ProcessLabel:          container.ProcessLabel(),
+		MountLabel:            container.MountLabel(),
 		DefaultMountsFilePath: options.DefaultMountsFilePath,
 		Isolation:             options.Isolation,
 		NamespaceOptions:      namespaceOptions,
@@ -346,7 +370,7 @@ func newBuilder(ctx context.Context, store storage.Store, options BuilderOptions
 	}
 
 	if options.Mount {
-		_, err = builder.Mount(mountLabel)
+		_, err = builder.Mount(container.MountLabel())
 		if err != nil {
 			return nil, errors.Wrapf(err, "error mounting build container %q", builder.ContainerID)
 		}

vendor.conf

@@ -5,7 +5,7 @@ github.com/containerd/continuity master
 github.com/containernetworking/cni v0.7.0-alpha1
 github.com/containers/image 5e5b67d6b1cf43cc349128ec3ed7d5283a6cc0d1
 github.com/containers/libpod 2afadeec6696fefac468a49c8ba24b0bc275aa75
-github.com/containers/storage 41294c85d97bef688e18f710402895dbecde3308
+github.com/containers/storage bd5818eda84012cf1db4dafbddd4b7509bb77142
 github.com/docker/distribution 5f6282db7d65e6d72ad7c2cc66310724a57be716
 github.com/docker/docker 86f080cff0914e9694068ed78d503701667c4c00
 github.com/docker/docker-credential-helpers d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1
@@ -36,7 +36,7 @@ github.com/opencontainers/image-spec v1.0.0
 github.com/opencontainers/runc master
 github.com/opencontainers/runtime-spec v1.0.0
 github.com/opencontainers/runtime-tools master
-github.com/opencontainers/selinux b6fa367ed7f534f9ba25391cc2d467085dbb445a
+github.com/opencontainers/selinux master
 github.com/openshift/imagebuilder master
 github.com/ostreedev/ostree-go aeb02c6b6aa2889db3ef62f7855650755befd460
 github.com/pborman/uuid master