Create vagrantfile for SELinux

Signed-off-by: moriya <41197469+Gekko0114@users.noreply.github.com>
2024-11-22 17:02:00 +01:00 · 2024-09-01 16:16:33 +09:00 · 2024-09-01 16:16:33 +09:00 · 5ba6ac34b7
commit 5ba6ac34b7
parent c889150868
4 changed files with 29 additions and 3 deletions
--- a/experiment/selinux/README.md
+++ b/experiment/selinux/README.md
@ -10,3 +10,9 @@ Please import and use this project.
 ```console
 $ cargo run
 ```
+
+You can create an selinux environment via the Vagrantfile.
+
+```console
+$ vagrant up
+```
--- a/experiment/selinux/Vagrantfile
+++ b/experiment/selinux/Vagrantfile
@ -0,0 +1,20 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+    config.vm.box = "centos/8"
+    config.vm.synced_folder '.', '/vagrant/youki', disabled: false
+
+    config.vm.provider "virtualbox" do |v|
+      v.memory = 4096
+      v.cpus = 4
+    end
+
+    config.vm.provision "shell", privileged: false, inline: <<-SHELL
+      curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+      . "$HOME/.cargo/env"
+      sudo sed -i -e 's|^mirrorlist|#mirrorlist|g' -e 's|^#baseurl=http://mirror|baseurl=http://vault|g' /etc/yum.repos.d/CentOS-*repo
+      sudo yum -y install gcc curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker autoconf wget make git
+      git clone https://github.com/containers/youki
+    SHELL
+end
--- a/experiment/selinux/src/main.rs
+++ b/experiment/selinux/src/main.rs
@ -34,7 +34,7 @@ fn main() -> Result<()> {
    let file_path = Path::new("./test_file.txt");
    let _file = File::create(file_path)?;
    let selinux_label =
-        SELinuxLabel::try_from("unconfined_u:object_r:public_content_t:s1".to_string())?;
+        SELinuxLabel::try_from("system_u:object_r:public_content_t:s0".to_string())?;
    SELinux::set_file_label(file_path, selinux_label)?;
    let current_label = SELinux::file_label(file_path)?;
    println!("file label is {}", current_label);
--- a/experiment/selinux/src/tools/xattr.rs
+++ b/experiment/selinux/src/tools/xattr.rs
@ -34,7 +34,7 @@ where
    // set_xattr sets extended attributes on a file specified by its path.
    fn set_xattr(&self, attr: &str, data: &[u8]) -> Result<(), XattrError> {
        let path = self.as_ref();
-        match rfs::setxattr(path, attr, data, rfs::XattrFlags::CREATE) {
+        match rfs::setxattr(path, attr, data, rfs::XattrFlags::REPLACE) {
            Ok(_) => Ok(()),
            Err(e) => {
                let errno = e.raw_os_error();
@ -50,7 +50,7 @@ where
    // lset_xattr sets extended attributes on a symbolic link.
    fn lset_xattr(&self, attr: &str, data: &[u8]) -> Result<(), XattrError> {
        let path = self.as_ref();
-        match rfs::lsetxattr(path, attr, data, rfs::XattrFlags::CREATE) {
+        match rfs::lsetxattr(path, attr, data, rfs::XattrFlags::REPLACE) {
            Ok(_) => Ok(()),
            Err(e) => {
                let errno = e.raw_os_error();