mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-11 06:03:57 +08:00
ed6b1693b8
Due to the sensitive nature of these fixes, it was not possible to submit these upstream and vendor the upstream library. Instead, this patch uses a fork of github.com/opencontainers/selinux, branched at commit opencontainers/selinux@879a755db5. In order to permit downstreams to build with this patched version, a snapshot of the forked version has been included in internal/third_party/selinux. Note that since we use "go mod vendor", the patched code is usable even without being "go get"-able. Once the embargo for this issue is lifted we can submit the patches upstream and switch back to a proper upstream go.mod entry. Also, this requires us to temporarily disable the CI job we have that disallows "replace" directives. Fixes: GHSA-cgrx-mc8f-2prm CVE-2025-52881 Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
45 lines
950 B
Go
45 lines
950 B
Go
//go:build !linux
|
|
// +build !linux
|
|
|
|
package label
|
|
|
|
// InitLabels returns the process label and file labels to be used within
|
|
// the container. A list of options can be passed into this function to alter
|
|
// the labels.
|
|
func InitLabels([]string) (string, string, error) {
|
|
return "", "", nil
|
|
}
|
|
|
|
func SetFileLabel(string, string) error {
|
|
return nil
|
|
}
|
|
|
|
func SetFileCreateLabel(string) error {
|
|
return nil
|
|
}
|
|
|
|
func Relabel(string, string, bool) error {
|
|
return nil
|
|
}
|
|
|
|
// DisableSecOpt returns a security opt that can disable labeling
|
|
// support for future container processes
|
|
func DisableSecOpt() []string {
|
|
return nil
|
|
}
|
|
|
|
// Validate checks that the label does not include unexpected options
|
|
func Validate(string) error {
|
|
return nil
|
|
}
|
|
|
|
// RelabelNeeded checks whether the user requested a relabel
|
|
func RelabelNeeded(string) bool {
|
|
return false
|
|
}
|
|
|
|
// IsShared checks that the label includes a "shared" mark
|
|
func IsShared(string) bool {
|
|
return false
|
|
}
|