diff --git a/go.mod b/go.mod index 28c7ce98d02..d3278eb0f99 100644 --- a/go.mod +++ b/go.mod @@ -26,7 +26,7 @@ require ( github.com/opencontainers/runc v1.1.0 github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417 github.com/opencontainers/runtime-tools v0.9.0 - github.com/opencontainers/selinux v1.10.0 + github.com/opencontainers/selinux v1.10.1 github.com/openshift/imagebuilder v1.2.3 github.com/pkg/errors v0.9.1 github.com/prometheus/client_golang v1.11.1 // indirect diff --git a/go.sum b/go.sum index 49fed217f47..4e264757327 100644 --- a/go.sum +++ b/go.sum @@ -876,8 +876,9 @@ github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqi github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= github.com/opencontainers/selinux v1.8.5/go.mod h1:HTvjPFoGMbpQsG886e3lQwnsRWtE4TC1OF3OUvG9FAo= -github.com/opencontainers/selinux v1.10.0 h1:rAiKF8hTcgLI3w0DHm6i0ylVVcOrlgR1kK99DRLDhyU= github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= +github.com/opencontainers/selinux v1.10.1 h1:09LIPVRP3uuZGQvgR+SgMSNBd1Eb3vlRbGqQpoHsF8w= +github.com/opencontainers/selinux v1.10.1/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/openshift/imagebuilder v1.2.3 h1:jvA7mESJdclRKkTe3Yl6UWlliFNVW6mLY8RI+Rrfhfo= github.com/openshift/imagebuilder v1.2.3/go.mod h1:TRYHe4CH9U6nkDjxjBNM5klrLbJBrRbpJE5SaRwUBsQ= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= diff --git a/selinux.go b/selinux.go index e7e9fd8c27e..73241371299 100644 --- a/selinux.go +++ b/selinux.go @@ -1,9 +1,11 @@ +//go:build linux // +build linux package buildah import ( "fmt" + "os" "github.com/opencontainers/runtime-tools/generate" selinux "github.com/opencontainers/selinux/go-selinux" @@ -33,6 +35,9 @@ func runLabelStdioPipes(stdioPipe [][]int, processLabel, mountLabel string) erro } for i := range stdioPipe { pipeFdName := fmt.Sprintf("/proc/self/fd/%d", stdioPipe[i][0]) + if linkfile, err := os.Readlink(pipeFdName); err == nil { + pipeFdName = linkfile + } if err := label.Relabel(pipeFdName, pipeContext, false); err != nil { return errors.Wrapf(err, "setting file label on %q", pipeFdName) } diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go index 897ecbac41c..feb739d3261 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon.go @@ -12,7 +12,7 @@ import ( func rchcon(fpath, label string) error { return pwalkdir.Walk(fpath, func(p string, _ fs.DirEntry, _ error) error { - e := setFileLabel(p, label) + e := lSetFileLabel(p, label) // Walk a file tree can race with removal, so ignore ENOENT. if errors.Is(e, os.ErrNotExist) { return nil diff --git a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go index 2c8b033ce05..ecc7abfac5e 100644 --- a/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go +++ b/vendor/github.com/opencontainers/selinux/go-selinux/rchcon_go115.go @@ -11,7 +11,7 @@ import ( func rchcon(fpath, label string) error { return pwalk.Walk(fpath, func(p string, _ os.FileInfo, _ error) error { - e := setFileLabel(p, label) + e := lSetFileLabel(p, label) // Walk a file tree can race with removal, so ignore ENOENT. if errors.Is(e, os.ErrNotExist) { return nil diff --git a/vendor/modules.txt b/vendor/modules.txt index 172957506b1..c97a3a1d2e2 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -415,7 +415,7 @@ github.com/opencontainers/runtime-tools/generate github.com/opencontainers/runtime-tools/generate/seccomp github.com/opencontainers/runtime-tools/specerror github.com/opencontainers/runtime-tools/validate -# github.com/opencontainers/selinux v1.10.0 +# github.com/opencontainers/selinux v1.10.1 github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label github.com/opencontainers/selinux/pkg/pwalk