skip write /proc/self/attr/keycreate when selinux label is null #214
Looks like your commit is missing a DCO sign-off in the commit message; can you add one? When doing so, please use your real name for the sign-off (not your github handle/username); you can find some instructions in the output from the DCO check here; https://github.com/opencontainers/selinux/pull/214/checks?check_run_id=28026773649
Signed-off-by: ningmingxiao <[email protected]>
done
Thanks! Oh minor nit; Perhaps;
Looking at the change; it looks like we don't have a test-case for setting an empty label; would probably be good to add one; selinux/go-selinux/label/label_linux_test.go Lines 197 to 211 in bb1ec25
In general; I see that previously we would try to set an empty label, but then ignore the error if it was a Slightly wondering, but maybe out of scope for this PR (and I could use input from @kolyshkin and @rhatdan on this);
Somewhat related to the above; could there be valid use-cases of trying to unset this? (so could an empty label have the intent of "unset" what's there?). I see you linked to a runc PR; Looking at that PR;
Because if that's the case, then possibly this PR is actually hiding a bug / incorrect use in runc, and it would be better for
we should let runc do it
https://github.com/opencontainers/runc/pull/4354/files