github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-17 14:58:16 +00:00
Code Issues Projects Releases Wiki Activity

runtime: Update remove methods

Browse Source 
In selinux v1.12.0, `label.SetProcessLabel`, was removed to be
replaced by `selinux.SetExecLabel`

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman
2025-09-08 14:02:22 +01:00
parent ad7e60030a
commit 334340aa18
3 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/runtime/virtcontainers/clh.go
View File

@@ -32,7 +32,7 @@ import (
"github.com/containerd/console"
chclient "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/cloud-hypervisor/client"
"github.com/opencontainers/selinux/go-selinux/label"
selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors"
log "github.com/sirupsen/logrus"
@@ -708,10 +708,10 @@ func (clh *cloudHypervisor) StartVM(ctx context.Context, timeout int) error {
// notwant to run them under confinement.
if !clh.config.DisableSeLinux {
if err := label.SetProcessLabel(clh.config.SELinuxProcessLabel); err != nil {
if err := selinux.SetExecLabel(clh.config.SELinuxProcessLabel); err != nil {
return err
}
defer label.SetProcessLabel("")
defer selinux.SetExecLabel("")
}
err = clh.setupVirtiofsDaemon(ctx)

6
src/runtime/virtcontainers/fc.go
View File

@@ -38,7 +38,7 @@ import (
"github.com/containerd/fifo"
httptransport "github.com/go-openapi/runtime/client"
"github.com/go-openapi/strfmt"
"github.com/opencontainers/selinux/go-selinux/label"
selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
)
@@ -788,10 +788,10 @@ func (fc *firecracker) StartVM(ctx context.Context, timeout int) error {
// them under confinement.
if !fc.config.DisableSeLinux {
if err := label.SetProcessLabel(fc.config.SELinuxProcessLabel); err != nil {
if err := selinux.SetExecLabel(fc.config.SELinuxProcessLabel); err != nil {
return err
}
defer label.SetProcessLabel("")
defer selinux.SetExecLabel("")
}
err = fc.fcInit(ctx, fcTimeout)

6
src/runtime/virtcontainers/qemu.go
View File

@@ -35,7 +35,7 @@ import (
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/rootless"
govmmQemu "github.com/kata-containers/kata-containers/src/runtime/pkg/govmm/qemu"
"github.com/opencontainers/selinux/go-selinux/label"
selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors"
"github.com/sirupsen/logrus"
"golang.org/x/sys/unix"
@@ -1210,10 +1210,10 @@ func (q *qemu) StartVM(ctx context.Context, timeout int) error {
// the SELinux label. If these processes require privileged, we do
// notwant to run them under confinement.
if !q.config.DisableSeLinux {
if err := label.SetProcessLabel(q.config.SELinuxProcessLabel); err != nil {
if err := selinux.SetExecLabel(q.config.SELinuxProcessLabel); err != nil {
return err
}
defer label.SetProcessLabel("")
defer selinux.SetExecLabel("")
}
if q.config.SharedFS == config.VirtioFS || q.config.SharedFS == config.VirtioFSNydus {
err = q.setupVirtiofsDaemon(ctx)