build: more SELinux labels for Docker volumes #6061

Merged: 2 commits, Jun 29, 2023

zregvart
Contributor

Why the changes in this PR are needed?

Found two more places where labels need to be propagated.

What are the changes in this PR?

Refines #6055 to include additional labeling

Notes to assist PR review:

Tested with and without SELinux enforcement

Further comments:

Ref #6054

netlify bot commented Jun 29, 2023

Deploy Preview for openpolicyagent ready!

Name Link
🔨 Latest commit f305c2f
🔍 Latest deploy log https://app.netlify.com/sites/openpolicyagent/deploys/649dbaeb9d97f40008d8dc00
😎 Deploy Preview https://deploy-preview-6061--openpolicyagent.netlify.app/docs/edge

Makefile Outdated
@@ -142,15 +142,15 @@ wasm-sdk-e2e-test: generate
.PHONY: check
check:
ifeq ($(DOCKER_RUNNING), 1)
docker run --rm -v $(shell pwd):/app -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} golangci-lint run -v
docker run --rm -v $(shell pwd):/app:Z -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} golangci-lint run -v
Contributor

Really? I wouldn't expect the linter to write files

Contributor Author

The linter wants to stat the working directory and fails:

$ make check
docker run --rm -v /home/zregvart/tmp/opa:/app -w /app golangci/golangci-lint:v1.51.0 golangci-lint run -v
level=warning msg="[config_reader] Can't make abs path for \"./...\": stat .: permission denied"
level=info msg="[config_reader] Config search paths: [./ . /root]"
ERROR 2023/06/29 11:35:31 could not discover absolute path: stat .: permission denied
ERROR 2023/06/29 11:35:31 could not discover absolute path: stat .: permission denied
level=warning msg="Failed to discover go env: failed to run 'go env': exit status 1"
level=info msg="[lintersdb] Active 7 linters: [errcheck gosimple govet ineffassign staticcheck typecheck unused]"
level=info msg="[loader] Go packages loading at mode 575 (deps|exports_file|name|types_sizes|compiled_files|files|imports) took 2.118453ms"
level=error msg="Running error: context loading failed: failed to load packages: failed to load with go/packages: err: exit status 1: stderr: cannot determine current directory: stat .: permission denied\n"
level=info msg="Memory: 2 samples, avg is 31.4MB, max is 31.4MB"
level=info msg="Execution took 5.143799ms"
make: *** [Makefile:145: check] Error 3

Contributor Author

Added the read-only (ro) flag to the linter invocation...

Ref open-policy-agent#6054

Signed-off-by: Zoran Regvart <zoran@regvart.com>
Contributor

srenatus left a comment

Thank you!

else
@echo "Docker not installed or running. Skipping golangci run."
endif

.PHONY: fmt
fmt:
ifeq ($(DOCKER_RUNNING), 1)
docker run --rm -v $(shell pwd):/app -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} golangci-lint run -v --fix
docker run --rm -v $(shell pwd):/app:Z -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} golangci-lint run -v --fix
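
Review bot: in the `check` target the new mount `-v $(shell pwd):/app:Z` stays read-write although `golangci-lint run -v` without `--fix` only reads the tree; `$(shell pwd):/app:ro,Z` would keep the relabel and drop write access, while `fmt` has to stay writable because of `--fix`. Uppercase `Z` also gives the checkout a private, unshared SELinux label, so another container that mounts the same directory at the same time loses access; lowercase `z` is the shared form if these targets can run concurrently.
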
Contributor

That make target does write to the files 👍

@johanfylling johanfylling merged commit 1ad3992 into open-policy-agent:main Jun 29, 2023
26 checks passed
@zregvart zregvart deleted the issue/6054-adenum branch June 30, 2023 10:00