xattr
Signed-off-by: Hiroyuki Moriya <[email protected]>
Gekko0114 committed Jun 29, 2024
1 parent 6dd0d7f commit 1bc0394
Showing 7 changed files with 261 additions and 69 deletions.
122 changes: 122 additions & 0 deletions experiment/selinux/Cargo.lock


2 changes: 2 additions & 0 deletions experiment/selinux/Cargo.toml
Expand Up @@ -13,4 +13,6 @@ keywords = ["youki", "container", "selinux"]

[dependencies]
nix = { version = "0.29.0", features = ["process", "fs"] }
rustix = { version = "0.38.34", features = ["fs"] }
tempfile = "3.10.1"
thiserror = "1.0.61"
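Review bot: `tempfile` is added under `[dependencies]`, which pulls it into the crate's shipped dependency graph even though a crate of that kind is usually only exercised by tests; if that is the case here (the usage is not visible in this commit), move it to a `[dev-dependencies]` section, e.g. `[dev-dependencies]` / `tempfile = "3.10.1"`, so the runtime supply-chain surface stays limited to `nix`, `rustix` and `thiserror`. The `rustix` addition with only the `fs` feature looks appropriately minimal.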
2 changes: 1 addition & 1 deletion experiment/selinux/src/lib.rs
@@ -1,2 +1,2 @@
pub mod selinux;
pub mod xattr;
pub mod xattrs;
20 changes: 17 additions & 3 deletions experiment/selinux/src/selinux.rs
@@ -1,4 +1,4 @@
use crate::xattr::*;
use crate::xattrs::*;
use nix::unistd::gettid;
use nix::sys::statfs;
use nix::errno::Errno;
Expand Down Expand Up @@ -63,19 +63,23 @@ impl SELinux {
// function similar with classIndex in go-selinux repo.
// classIndex returns the int index for an object class in the loaded policy,
// or -1 and an error.
#[allow(unused_variables)]
pub fn class_index(class: &str) -> Result<i64, String> {
unimplemented!("not implemented yet")
}

// function similar with setFileLabel in go-selinux repo.
// set_file_label sets the SELinux label for this path, following symlinks, or returns an error.
#[allow(unused_variables)]
#[allow(unreachable_patterns)]
#[allow(non_snake_case)]
pub fn set_file_label(fpath: &Path, label: &str) -> Result<(), SELinuxError> {
if !fpath.exists() {
return Err(SELinuxError::SetFileLabel(ERR_EMPTY_PATH.to_string()));
}

loop {
match set_xattr(fpath, XATTR_NAME_SELINUX, label.as_bytes(), 0) {
match set_xattr(fpath, XATTR_NAME_SELINUX, label.as_bytes()) {
Ok(_) => break,
// TODO: This line will be fixed after implementing set_xattr.
Err(EINTR) => continue,
Expand All @@ -92,13 +96,16 @@ impl SELinux {
// function similar with lSetFileLabel in go-selinux repo.
// lset_file_label sets the SELinux label for this path, not following symlinks,
// or returns an error.
#[allow(unreachable_patterns)]
#[allow(non_snake_case)]
#[allow(unused_variables)]
pub fn lset_file_label(fpath: &Path, label: &str) -> Result<(), SELinuxError> {
if !fpath.exists() {
return Err(SELinuxError::LSetFileLabel(ERR_EMPTY_PATH.to_string()));
}

loop {
match lset_xattr(fpath, XATTR_NAME_SELINUX, label.as_bytes(), 0) {
match lset_xattr(fpath, XATTR_NAME_SELINUX, label.as_bytes()) {
Ok(_) => break,
// TODO: This line will be fixed after implementing lset_xattr.
Err(EINTR) => continue,
Expand Down Expand Up @@ -170,32 +177,37 @@ impl SELinux {
// function similar with SetExecLabel in go-selinux repo.
// set_exec_label sets the SELinux label that the kernel will use for any programs
// that are executed by the current process thread, or an error.
#[allow(unused_variables)]
pub fn set_exec_label(label: &str) {
unimplemented!("not implemented yet")
}

// function similar with SetTaskLabel in go-selinux repo.
// set_task_label sets the SELinux label for the current thread, or an error.
// This requires the dyntransition permission.
#[allow(unused_variables)]
pub fn set_task_label(label: &str) {
unimplemented!("not implemented yet")
}

// function similar with SetSocketLabel in go-selinux repo.
// set_socket_label takes a process label and tells the kernel to assign the
// label to the next socket that gets created.
#[allow(unused_variables)]
pub fn set_socket_label(label: &str) {
unimplemented!("not implemented yet")
}

// function similar with SocketLabel in go-selinux repo.
// socket_label retrieves the current socket label setting.
#[allow(unused_variables)]
pub fn socket_label() {
unimplemented!("not implemented yet")
}

// function similar with peerLabel in go-selinux repo.
// peer_label retrieves the label of the client on the other side of a socket.
#[allow(unused_variables)]
pub fn peer_label() {
unimplemented!("not implemented yet")
}
Expand Down Expand Up @@ -225,6 +237,7 @@ impl SELinux {

// function similar with reserveLabel in go-selinux repo.
// reserve_label reserves the MLS/MCS level component of the specified label
#[allow(unused_variables)]
pub fn reserve_label(label: &str) {
unimplemented!("not implemented yet")
}
Expand Down Expand Up @@ -295,6 +308,7 @@ impl SELinux {
}

// function similar with writeCon in go-selinux repo.
#[allow(unused_variables)]
pub fn write_con(fpath: &Path, val: &str) -> Result<(), SELinuxError> {
unimplemented!("not implemented yet");
}
Expand Down
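Review bot: The `#[allow(unreachable_patterns)]` and `#[allow(non_snake_case)]` added to `set_file_label` and `lset_file_label` suppress the warnings that reveal a real bug: `Err(EINTR) => continue` uses a bare identifier as a pattern, and since no `EINTR` constant is imported (only `nix::errno::Errno` is), it is a catch-all binding, so every error from `set_xattr`/`lset_xattr` restarts the loop and the function can spin forever on a persistent failure such as EPERM or ENOTSUP instead of surfacing the error, while the later match arms become unreachable. Replace the arm with a guarded comparison against the error type the new xattrs module returns, e.g. `Err(e) if e == Errno::EINTR => continue,` if it returns a `nix` errno (or the equivalent `rustix::io::Errno::INTR` check if it returns a rustix errno), and drop the two `#[allow]` attributes so the compiler can again flag this; the existing TODO above the arm says this line is meant to be fixed, and this commit removes the signal without fixing it. Both function bodies continue past the end of their hunks, so the remaining arms are not visible here.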
65 changes: 0 additions & 65 deletions experiment/selinux/src/xattr/xattr.rs

This file was deleted.

File renamed without changes.
