-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: more SELinux labels for Docker volumes #6061
build: more SELinux labels for Docker volumes #6061
Conversation
✅ Deploy Preview for openpolicyagent ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Makefile
Outdated
@@ -142,15 +142,15 @@ wasm-sdk-e2e-test: generate | |||
.PHONY: check | |||
check: | |||
ifeq ($(DOCKER_RUNNING), 1) | |||
docker run --rm -v $(shell pwd):/app -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} golangci-lint run -v | |||
docker run --rm -v $(shell pwd):/app:Z -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} golangci-lint run -v |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Really? I wouldn't expect the linter to write files
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The linter wants to stat
the working directory and fails:
$ make check
docker run --rm -v /home/zregvart/tmp/opa:/app -w /app golangci/golangci-lint:v1.51.0 golangci-lint run -v
level=warning msg="[config_reader] Can't make abs path for \"./...\": stat .: permission denied"
level=info msg="[config_reader] Config search paths: [./ . /root]"
ERROR 2023/06/29 11:35:31 could not discover absolute path: stat .: permission denied
ERROR 2023/06/29 11:35:31 could not discover absolute path: stat .: permission denied
level=warning msg="Failed to discover go env: failed to run 'go env': exit status 1"
level=info msg="[lintersdb] Active 7 linters: [errcheck gosimple govet ineffassign staticcheck typecheck unused]"
level=info msg="[loader] Go packages loading at mode 575 (deps|exports_file|name|types_sizes|compiled_files|files|imports) took 2.118453ms"
level=error msg="Running error: context loading failed: failed to load packages: failed to load with go/packages: err: exit status 1: stderr: cannot determine current directory: stat .: permission denied\n"
level=info msg="Memory: 2 samples, avg is 31.4MB, max is 31.4MB"
level=info msg="Execution took 5.143799ms"
make: *** [Makefile:145: check] Error 3
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added the read-only (ro
) flag to the linter invocation...
Ref open-policy-agent#6054 Signed-off-by: Zoran Regvart <[email protected]>
e84c017
to
b462f44
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you!
else | ||
@echo "Docker not installed or running. Skipping golangci run." | ||
endif | ||
|
||
.PHONY: fmt | ||
fmt: | ||
ifeq ($(DOCKER_RUNNING), 1) | ||
docker run --rm -v $(shell pwd):/app -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} golangci-lint run -v --fix | ||
docker run --rm -v $(shell pwd):/app:Z -w /app golangci/golangci-lint:${GOLANGCI_LINT_VERSION} golangci-lint run -v --fix |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That make target does write to the files 👍
Why the changes in this PR are needed?
Found two more places where labels need to be propagated.
What are the changes in this PR?
Refines #6055 to include additional labling
Notes to assist PR review:
Tested with and without SELinux enforcement
Further comments:
Ref #6054