github/skopeo
1
0
Fork 0
mirror of https://github.com/containers/skopeo.git synced 2025-09-22 02:18:41 +00:00
Code Issues Projects Releases Wiki Activity

Re-vendor, and use mtrmac/image-spec:id-based-loader to fix tests

Browse Source 
Anyone running (vndr) currently ends up with failing tests in OCI schema
validation because gojsonschema has fixed its "$ref" interpretation, exposing
inconsistent URI usage inside image-spec/schema.

So, this runs (vndr), and uses mtrmac/image-spec:id-based-loader
( https://github.com/opencontainers/image-spec/pull/739 ) to make the tests pass
again.  As soon as that PR is merged we should revert to using the upstream
image-spec repo again.
This commit is contained in:
Miloslav Trmač
2018-01-10 20:32:58 +01:00
parent 22c524b0e0
commit dc1567c8bc
170 changed files with 14354 additions and 1523 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
vendor/github.com/opencontainers/selinux/go-selinux/selinux.go generated vendored
View File

@@ -28,7 +28,6 @@ const (
selinuxConfig = selinuxDir + "config"
selinuxTypeTag = "SELINUXTYPE"
selinuxTag = "SELINUX"
selinuxPath = "/sys/fs/selinux"
xattrNameSelinux = "security.selinux"
stRdOnly = 0x01
)
@@ -205,7 +204,7 @@ func readCon(name string) (string, error) {
defer in.Close()
_, err = fmt.Fscanf(in, "%s", &val)
return val, err
return strings.Trim(val, "\x00"), err
}
// SetFileLabel sets the SELinux label for this path or returns an error.
@@ -275,6 +274,32 @@ func writeCon(name string, val string) error {
return err
}
/*
CanonicalizeContext takes a context string and writes it to the kernel
the function then returns the context that the kernel will use. This function
can be used to see if two contexts are equivalent
*/
func CanonicalizeContext(val string) (string, error) {
return readWriteCon(filepath.Join(getSelinuxMountPoint(), "context"), val)
}
func readWriteCon(name string, val string) (string, error) {
var retval string
f, err := os.OpenFile(name, os.O_RDWR, 0)
if err != nil {
return "", err
}
defer f.Close()
_, err = f.Write([]byte(val))
if err != nil {
return "", err
}
_, err = fmt.Fscanf(f, "%s", &retval)
return strings.Trim(retval, "\x00"), err
}
/*
SetExecLabel sets the SELinux label that the kernel will use for any programs
that are executed by the current process thread, or an error.
@@ -311,7 +336,7 @@ func ReserveLabel(label string) {
}
func selinuxEnforcePath() string {
return fmt.Sprintf("%s/enforce", selinuxPath)
return fmt.Sprintf("%s/enforce", getSelinuxMountPoint())
}
// EnforceMode returns the current SELinux mode Enforcing, Permissive, Disabled
@@ -509,7 +534,7 @@ exit:
// SecurityCheckContext validates that the SELinux label is understood by the kernel
func SecurityCheckContext(val string) error {
return writeCon(fmt.Sprintf("%s.context", selinuxPath), val)
return writeCon(fmt.Sprintf("%s/context", getSelinuxMountPoint()), val)
}
/*