github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-09-17 14:58:16 +00:00
Code Issues Projects Releases Wiki Activity

runtime: Update remove methods

Browse Source 
In selinux v1.12.0, `label.SetProcessLabel`, was removed to be
replaced by `selinux.SetExecLabel`

Signed-off-by: stevenhorsman <steven@uk.ibm.com>
This commit is contained in:
stevenhorsman
2025-09-08 14:02:22 +01:00
parent ad7e60030a
commit 334340aa18
3 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/runtime/virtcontainers/clh.go
View File

@@ -32,7 +32,7 @@ import (
"github.com/containerd/console" "github.com/containerd/console"
chclient "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/cloud-hypervisor/client" chclient "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/cloud-hypervisor/client"
"github.com/opencontainers/selinux/go-selinux/label" selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors" "github.com/pkg/errors"
log "github.com/sirupsen/logrus" log "github.com/sirupsen/logrus"
@@ -708,10 +708,10 @@ func (clh *cloudHypervisor) StartVM(ctx context.Context, timeout int) error {
// notwant to run them under confinement. // notwant to run them under confinement.
if !clh.config.DisableSeLinux { if !clh.config.DisableSeLinux {
if err := label.SetProcessLabel(clh.config.SELinuxProcessLabel); err != nil { if err := selinux.SetExecLabel(clh.config.SELinuxProcessLabel); err != nil {
return err return err
} }
defer label.SetProcessLabel("") defer selinux.SetExecLabel("")
} }
err = clh.setupVirtiofsDaemon(ctx) err = clh.setupVirtiofsDaemon(ctx)

6
src/runtime/virtcontainers/fc.go
View File

@@ -38,7 +38,7 @@ import (
"github.com/containerd/fifo" "github.com/containerd/fifo"
httptransport "github.com/go-openapi/runtime/client" httptransport "github.com/go-openapi/runtime/client"
"github.com/go-openapi/strfmt" "github.com/go-openapi/strfmt"
"github.com/opencontainers/selinux/go-selinux/label" selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
) )
@@ -788,10 +788,10 @@ func (fc *firecracker) StartVM(ctx context.Context, timeout int) error {
// them under confinement. // them under confinement.
if !fc.config.DisableSeLinux { if !fc.config.DisableSeLinux {
if err := label.SetProcessLabel(fc.config.SELinuxProcessLabel); err != nil { if err := selinux.SetExecLabel(fc.config.SELinuxProcessLabel); err != nil {
return err return err
} }
defer label.SetProcessLabel("") defer selinux.SetExecLabel("")
} }
err = fc.fcInit(ctx, fcTimeout) err = fc.fcInit(ctx, fcTimeout)

6
src/runtime/virtcontainers/qemu.go
View File

@@ -35,7 +35,7 @@ import (
"github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/rootless" "github.com/kata-containers/kata-containers/src/runtime/virtcontainers/pkg/rootless"
govmmQemu "github.com/kata-containers/kata-containers/src/runtime/pkg/govmm/qemu" govmmQemu "github.com/kata-containers/kata-containers/src/runtime/pkg/govmm/qemu"
"github.com/opencontainers/selinux/go-selinux/label" selinux "github.com/opencontainers/selinux/go-selinux"
"github.com/pkg/errors" "github.com/pkg/errors"
"github.com/sirupsen/logrus" "github.com/sirupsen/logrus"
"golang.org/x/sys/unix" "golang.org/x/sys/unix"
@@ -1210,10 +1210,10 @@ func (q *qemu) StartVM(ctx context.Context, timeout int) error {
// the SELinux label. If these processes require privileged, we do // the SELinux label. If these processes require privileged, we do
// notwant to run them under confinement. // notwant to run them under confinement.
if !q.config.DisableSeLinux { if !q.config.DisableSeLinux {
if err := label.SetProcessLabel(q.config.SELinuxProcessLabel); err != nil { if err := selinux.SetExecLabel(q.config.SELinuxProcessLabel); err != nil {
return err return err
} }
defer label.SetProcessLabel("") defer selinux.SetExecLabel("")
} }
if q.config.SharedFS == config.VirtioFS || q.config.SharedFS == config.VirtioFSNydus { if q.config.SharedFS == config.VirtioFS || q.config.SharedFS == config.VirtioFSNydus {
err = q.setupVirtiofsDaemon(ctx) err = q.setupVirtiofsDaemon(ctx)