feat: SELinux lables for --bind (#906)
This commit is contained in:
		
				
					committed by
					
						 GitHub
						GitHub
					
				
			
			
				
	
			
			
			
						parent
						
							6ebcac3771
						
					
				
				
					commit
					f7263399b9
				
			
							
								
								
									
										1
									
								
								go.mod
									
									
									
									
									
								
							
							
						
						
									
										1
									
								
								go.mod
									
									
									
									
									
								
							| @@ -29,6 +29,7 @@ require ( | ||||
| 	github.com/moby/buildkit v0.9.2 | ||||
| 	github.com/opencontainers/image-spec v1.0.1 | ||||
| 	github.com/opencontainers/runc v1.0.2 // indirect | ||||
| 	github.com/opencontainers/selinux v1.10.0 | ||||
| 	github.com/pkg/errors v0.9.1 | ||||
| 	github.com/robertkrimen/otto v0.0.0-20210614181706-373ff5438452 | ||||
| 	github.com/sabhiram/go-gitignore v0.0.0-20201211210132-54b8a0bf510f | ||||
|   | ||||
							
								
								
									
										2
									
								
								go.sum
									
									
									
									
									
								
							
							
						
						
									
										2
									
								
								go.sum
									
									
									
									
									
								
							| @@ -956,6 +956,8 @@ github.com/opencontainers/runtime-tools v0.0.0-20181011054405-1d69bd0f9c39/go.mo | ||||
| github.com/opencontainers/selinux v1.6.0/go.mod h1:VVGKuOLlE7v4PJyT6h7mNWvq1rzqiriPsEqVhc+svHE= | ||||
| github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3ogry1nUQF8Evvo= | ||||
| github.com/opencontainers/selinux v1.8.2/go.mod h1:MUIHuUEvKB1wtJjQdOyYRgOnLD2xAPP8dBsCoU0KuF8= | ||||
| github.com/opencontainers/selinux v1.10.0 h1:rAiKF8hTcgLI3w0DHm6i0ylVVcOrlgR1kK99DRLDhyU= | ||||
| github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= | ||||
| github.com/opentracing-contrib/go-stdlib v1.0.0/go.mod h1:qtI1ogk+2JhVPIXVc6q+NHziSmy2W5GbdQZFUHADCBU= | ||||
| github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= | ||||
| github.com/opentracing/opentracing-go v1.2.0/go.mod h1:GxEUsuufX4nBwe+T+Wl9TAgYrxe9dPLANfrWvHYVTgc= | ||||
|   | ||||
| @@ -17,6 +17,8 @@ import ( | ||||
| 	"github.com/mitchellh/go-homedir" | ||||
| 	log "github.com/sirupsen/logrus" | ||||
|  | ||||
| 	selinux "github.com/opencontainers/selinux/go-selinux" | ||||
|  | ||||
| 	"github.com/nektos/act/pkg/common" | ||||
| 	"github.com/nektos/act/pkg/container" | ||||
| 	"github.com/nektos/act/pkg/model" | ||||
| @@ -90,6 +92,9 @@ func (rc *RunContext) GetBindsAndMounts() ([]string, map[string]string) { | ||||
| 		if runtime.GOOS == "darwin" { | ||||
| 			bindModifiers = ":delegated" | ||||
| 		} | ||||
| 		if selinux.GetEnabled() { | ||||
| 			bindModifiers = ":z" | ||||
| 		} | ||||
| 		binds = append(binds, fmt.Sprintf("%s:%s%s", rc.Config.Workdir, rc.Config.ContainerWorkdir(), bindModifiers)) | ||||
| 	} else { | ||||
| 		mounts[name] = rc.Config.ContainerWorkdir() | ||||
|   | ||||
		Reference in New Issue
	
	Block a user