
Create vagrantfile for SELinux

Signed-off-by: moriya <41197469+Gekko0114@users.noreply.github.com>
moriya 2024-09-01 16:16:33 +09:00
parent c889150868
commit 5ba6ac34b7
4 changed files with 29 additions and 3 deletions

@ -10,3 +10,9 @@ Please import and use this project.
```console ```console
$ cargo run $ cargo run
``` ```
You can create an selinux environment via the Vagrantfile.
```console
$ vagrant up
```

20
experiment/selinux/Vagrantfile vendored Normal file

@ -0,0 +1,20 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure("2") do |config|
config.vm.box = "centos/8"
config.vm.synced_folder '.', '/vagrant/youki', disabled: false
config.vm.provider "virtualbox" do |v|
v.memory = 4096
v.cpus = 4
end
config.vm.provision "shell", privileged: false, inline: <<-SHELL
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
. "$HOME/.cargo/env"
sudo sed -i -e 's|^mirrorlist|#mirrorlist|g' -e 's|^#baseurl=http://mirror|baseurl=http://vault|g' /etc/yum.repos.d/CentOS-*repo
sudo yum -y install gcc curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker autoconf wget make git
git clone https://github.com/containers/youki
SHELL
end
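Review bot: The `sed` line in the provisioner repoints every CentOS repo at `baseurl=http://vault`, so all packages for this end-of-life `centos/8` box are fetched over plaintext HTTP and integrity rests entirely on whatever `gpgcheck` setting the box ships with. Using `-e 's|^#baseurl=http://mirror|baseurl=https://vault|g'` keeps the vault redirect while restoring transport protection. The box is also unpinned; adding `config.vm.box_version` would make the environment reproducible. The trailing `git clone https://github.com/containers/youki` fetches an unpinned upstream copy even though the working tree is already synced to `/vagrant/youki`, so the code tested in the VM may not be the code in the checkout.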

@ -34,7 +34,7 @@ fn main() -> Result<()> {
let file_path = Path::new("./test_file.txt"); let file_path = Path::new("./test_file.txt");
let _file = File::create(file_path)?; let _file = File::create(file_path)?;
let selinux_label = let selinux_label =
SELinuxLabel::try_from("unconfined_u:object_r:public_content_t:s1".to_string())?; SELinuxLabel::try_from("system_u:object_r:public_content_t:s0".to_string())?;
SELinux::set_file_label(file_path, selinux_label)?; SELinux::set_file_label(file_path, selinux_label)?;
let current_label = SELinux::file_label(file_path)?; let current_label = SELinux::file_label(file_path)?;
println!("file label is {}", current_label); println!("file label is {}", current_label);
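Review bot: The label literal passed to `SELinuxLabel::try_from` has no comment explaining why that context was chosen, and the page prints both strings on one line without `+`/`-` markers, so I am assuming `system_u:object_r:public_content_t:s0` is the new value. A one-line comment such as `// the context must exist in the loaded policy, otherwise set_file_label is expected to fail` would tell readers why the user and level changed. The example also creates `./test_file.txt` in the working directory and nothing visible removes it; `main` continues outside the hunk, so cleanup may happen there.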

@ -34,7 +34,7 @@ where
// set_xattr sets extended attributes on a file specified by its path. // set_xattr sets extended attributes on a file specified by its path.
fn set_xattr(&self, attr: &str, data: &[u8]) -> Result<(), XattrError> { fn set_xattr(&self, attr: &str, data: &[u8]) -> Result<(), XattrError> {
let path = self.as_ref(); let path = self.as_ref();
match rfs::setxattr(path, attr, data, rfs::XattrFlags::CREATE) { match rfs::setxattr(path, attr, data, rfs::XattrFlags::REPLACE) {
Ok(_) => Ok(()), Ok(_) => Ok(()),
Err(e) => { Err(e) => {
let errno = e.raw_os_error(); let errno = e.raw_os_error();
@ -50,7 +50,7 @@ where
// lset_xattr sets extended attributes on a symbolic link. // lset_xattr sets extended attributes on a symbolic link.
fn lset_xattr(&self, attr: &str, data: &[u8]) -> Result<(), XattrError> { fn lset_xattr(&self, attr: &str, data: &[u8]) -> Result<(), XattrError> {
let path = self.as_ref(); let path = self.as_ref();
match rfs::lsetxattr(path, attr, data, rfs::XattrFlags::CREATE) { match rfs::lsetxattr(path, attr, data, rfs::XattrFlags::REPLACE) {
Ok(_) => Ok(()), Ok(_) => Ok(()),
Err(e) => { Err(e) => {
let errno = e.raw_os_error(); let errno = e.raw_os_error();
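Review bot: Both `set_xattr` and `lset_xattr` pass a restrictive flag to the syscall wrapper, and neither `CREATE` nor `REPLACE` suits a general "set" helper. Per setxattr(2), `XATTR_CREATE` fails with EEXIST when the attribute already exists and `XATTR_REPLACE` fails with ENODATA when it does not. If `REPLACE` is the new value (the page does not mark sides), labelling a file that has no stored `security.selinux` attribute will now return an error instead of setting the label. Assuming `rfs` is `rustix::fs`, passing `rfs::XattrFlags::empty()` in both calls gives create-or-replace semantics, and a comment on each call should state which behaviour is intended. Both function bodies continue past the hunks, so the errno handling could not be checked.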