Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bump opencontainers/selinux to v1.2 #38918

Merged
merged 1 commit into from Mar 29, 2019

Conversation

Projects
None yet
4 participants
@thaJeztah
Copy link
Member

commented Mar 21, 2019

No description provided.

bump opencontainers/selinux to v1.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@derek

This comment has been minimized.

Copy link

commented Mar 21, 2019

Thank you for your contribution. I've just checked and your Pull Request doesn't appear to have any description.
That's something we need before your Pull Request can be merged. Please see our contributing guide.

@thaJeztah

This comment has been minimized.

Copy link
Member Author

commented Mar 21, 2019

@@ -90,14 +104,36 @@ func SetProcessLabel(processLabel string) error {
return selinux.SetExecLabel(processLabel)
}

// SetSocketLabel takes a process label and tells the kernel to assign the
// label to the next socket that gets created
func SetSocketLabel(processLabel string) error {

This comment has been minimized.

Copy link
@thaJeztah

thaJeztah Mar 21, 2019

Author Member

@runcom Is this something we need to use for /var/run/docker.sock (and/or use in containerd to set labels on sockets?)

@@ -130,13 +166,56 @@ func Relabel(path string, fileLabel string, shared bool) error {
return nil
}

exclude_paths := map[string]bool{"/": true, "/usr": true, "/etc": true, "/tmp": true, "/home": true, "/run": true, "/var": true, "/root": true}
exclude_paths := map[string]bool{

This comment has been minimized.

Copy link
@thaJeztah

thaJeztah Mar 21, 2019

Author Member

pls double-check if the new list will cause any changes in behavior that we should be aware of 🤗

@thaJeztah

This comment has been minimized.

Copy link
Member Author

commented Mar 27, 2019

ping @justincormack @runcom PTAL 🤗

@cpuguy83
Copy link
Contributor

left a comment

LGTM

@cpuguy83 cpuguy83 merged commit ab47e16 into moby:master Mar 29, 2019

8 checks passed

dco-signed All commits are signed
experimental Jenkins build Docker-PRs-experimental 44568 has succeeded
Details
janky Jenkins build Docker-PRs 53401 has succeeded
Details
powerpc Jenkins build Docker-PRs-powerpc 13772 has succeeded
Details
vendor Jenkins build Docker-PRs-vendor 5107 has succeeded
Details
windowsRS1 Jenkins build Docker-PRs-WoW-RS1 24525 has succeeded
Details
windowsRS5-process Jenkins build Docker-PRs-WoW-RS5-Process 1862 has succeeded
Details
z Jenkins build Docker-PRs-s390x 13664 has succeeded
Details

@thaJeztah thaJeztah deleted the thaJeztah:bump_selinux branch Mar 29, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.