mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-11 06:03:57 +08:00
ed6b1693b8
Due to the sensitive nature of these fixes, it was not possible to submit these upstream and vendor the upstream library. Instead, this patch uses a fork of github.com/opencontainers/selinux, branched at commit opencontainers/selinux@879a755db5. In order to permit downstreams to build with this patched version, a snapshot of the forked version has been included in internal/third_party/selinux. Note that since we use "go mod vendor", the patched code is usable even without being "go get"-able. Once the embargo for this issue is lifted we can submit the patches upstream and switch back to a proper upstream go.mod entry. Also, this requires us to temporarily disable the CI job we have that disallows "replace" directives. Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881 Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
14 lines
304 B
Go
14 lines
304 B
Go
/*
|
|
Package selinux provides a high-level interface for interacting with selinux.
|
|
|
|
Usage:
|
|
|
|
import "github.com/opencontainers/selinux/go-selinux"
|
|
|
|
// Ensure that selinux is enforcing mode.
|
|
if selinux.EnforceMode() != selinux.Enforcing {
|
|
selinux.SetEnforceMode(selinux.Enforcing)
|
|
}
|
|
*/
|
|
package selinux
|