Gekko0114
commented
4 months ago @utam0k I created a issue here, please correct me if I misunderstand.
Open Gekko0114 opened 4 months ago
Gekko0114
commented
4 months ago @utam0k I created a issue here, please correct me if I misunderstand.
YJDoc2
commented
3 months ago Hey @Gekko0114 , do you need any help with this?
Gekko0114
commented
3 months ago Thanks, but I don't have enough time to work on these days.. I plan to work on it when I have time. Sorry for inconvenience. I thought it is not so urgent, but if it is urgent, please let me know.
YJDoc2
commented
3 months ago Thanks, but I don't have enough time to work on these days..
I completely understand, no worries!
I plan to work on it when I have time. Sorry for inconvenience. I thought it is not so urgent, but if it is urgent, please let me know.
This is not exactly urgent, but given that this is an incorrect implementation , I would prefer to have it fixed sooner than later. I was just wondering if you are still planning to work on this or not, so pinged you. Take your time :purple_heart:
Gekko0114
commented
1 month ago Hi @YJDoc2, @utam0k
Sorry for not doing this task for a while. I will resume it. Seems that https://github.com/opencontainers/selinux has several files. So I would like to take this task into several PRs, like these. Do you have any suggestions about this?
YJDoc2
commented
1 month ago Sorry for not doing this task for a while. I will resume it.
No worries!
Hey @Gekko0114 , I don't think I'll be able to help much in near future, but one thing I can suggest is we can implement this under the experimental/ , similar to how utam0k is implementing the rust libseccomp. That way you can make PRs for individual files, or features, along with their tests when applicable. Once we feel that it is complete, we can move it to the youki workspace and use it in youki where needed. wdyt?
Also checking the files, pkg/pwalk seems to be deprecated and pkg/pwalkdir should be checked once if we need it at all or not, it can be directly added as part of the new library we are making instead of a separate package.
Gekko0114
commented
1 month ago Sure, thanks for your suggestion! SGTM.
Then, I will create PRs under the experimental/.
After understanding the library selinux, I will start working it.
utam0k
commented
1 month ago I agree with @YJDoc2 . It would be an good idea.
Gekko0114
commented
1 month ago Hi @utam0k, @YJDoc2
I have a question.
go-selinux handles xattr https://github.com/opencontainers/selinux/blob/main/go-selinux/selinux_linux.go#L346.
However, https://github.com/nix-rust/nix doesn't seem to have functions handling xattr.
Should I create a crate handling xattr as well? Or should I import the library outside of this repo, like this https://github.com/Stebalien/xattr ?
YJDoc2
commented
1 month ago Hey regarding this, if the implementation of related xattr functions is not too complex, and there are not too many edge-cases to be considered, I'd prefer not to add a dependency to deal with it. For implementing it , I'd prefer to have it as a module in the same selinux crate instead of separate crate, so that we don't have to publish and manage two crates for this. wdyt?
Gekko0114
commented
1 month ago SGTM, thanks! Then I will add xattr function in one crate.
background
In this PR https://github.com/containers/youki/pull/2688, it was found that the implementation of linux mount label is different between runc and youki.
What we will do
Youki should follow runc's implementation. Therefore, we will implement the crate like opencontainers/selinux in this issue.