Skip to content

Refactor the selinux crate #3021

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
utam0k wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Refactor the selinux crate #3021

utam0k wants to merge 1 commit into from

Conversation

@utam0k
Copy link
Member

@utam0k utam0k commented Dec 14, 2024

No description provided.

@utam0k
Copy link
Member Author

utam0k commented Dec 14, 2024
edited
Loading

@Gekko0114 I'm trying to remove inti_* in the selinux crate. WDYT? If you agree with me, I'll continue going on this PR.

@Gekko0114
Copy link
Contributor

Gekko0114 commented Dec 14, 2024

What do you mean by inti_* in the selinux crate ?
I couldn't find any functions or values with the prefix inti_.

@utam0k
Copy link
Member Author

utam0k commented Dec 15, 2024
edited
Loading

What do you mean by inti_* in the selinux crate ? I couldn't find any functions or values with the prefix inti_.

Ops, like policy_root_init_done

@Gekko0114
Copy link
Contributor

Gekko0114 commented Dec 15, 2024

I see. I am not familiar with Rust, therefore it is possible that there should be better implementation rather than using atomicBool.
Thanks, I will wait for your PR :)

@Gekko0114 Gekko0114 mentioned this pull request Jan 2, 2025
Open
@utam0k utam0k force-pushed the refactor-selinux branch 3 times, most recently from b139d04 to 2df813b Compare January 19, 2025 12:44
@utam0k
Copy link
Member Author

utam0k commented Jan 19, 2025

I've pushed my changes. Overall, I have already finished it, but I still need to edit it to run it on VM.

@utam0k utam0k force-pushed the refactor-selinux branch 3 times, most recently from 128d52a to 15e0444 Compare January 20, 2025 12:14
@utam0k
selinux: Refactoring
9f005f3 
Signed-off-by: utam0k <k0ma@utam0k.jp>
@utam0k utam0k added the kind/experimental `/experimental` label Jan 26, 2025
@utam0k
Copy link
Member Author

utam0k commented Jan 26, 2025
edited
Loading

@Gekko0114 I couldn't completely run main.rs on VM based on Vagrantfile, even if it's in the main branch. Did you pass it?

[vagrant@centos8 youki]$ sudo ./target/debug/selinux
selinux is enabled
default enforce mode is: enforcing
current enforce mode is: permissive
SELinux label of current process is: unconfined_u:unconfined_r:unconfined_t:s0-s0
Error: SetFileLabel("Failed to set_xattr: Operation not supported (os error 95)")

@utam0k utam0k marked this pull request as ready for review January 26, 2025 11:56
@Gekko0114
Copy link
Contributor

Gekko0114 commented Mar 9, 2025

Hi @utam0k
I noticed this message now, so sorry for late reply. I will have a look.

@Gekko0114
Copy link
Contributor

Gekko0114 commented Mar 9, 2025

Hi @utam0k

Though I am using libvirt instead of virtualbox because of my PC environment, I could run the code.

selinux is enabled
default enforce mode is: enforcing
current enforce mode is: enforcing
SELinux label of current process is: unconfined_u:unconfined_r:unconfined_t:s0-s0
file label is system_u:object_r:public_content_t:s0

Based on previous comments from YJDoc2, it appears this error is likely related to directory mounting within Vagrant, rather than an issue with the code itself. YJDoc2 found that copying the binary to /tmp resolved the issue, indicating that the problem arises from how Vagrant mounts directories.
#2900 (comment)

Hmm, the issue was that with the directory mounting. When I copied the binary into /tmp it worked correctly as expected and sets the label. This is probably issue with mounting dirs into vagrant, not not with our code, so can ignore. Going ahead and merging this PR. Thanks a lot!

Therefore, while the error is occurring, it seems to be an environmental issue rather than code issue.
What do you think?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

kind/experimental `/experimental`

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@utam0k @Gekko0114