Merge pull request #2900 from Gekko0114/selinux_vagrant

selinux: create Vagrantfile for SELinux
youki-dev · Sep 20, 2024 · 0b92791 · 0b92791
2 parents c889150 + 35b94e4
commit 0b92791
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 3 deletions.
diff --git a/experiment/selinux/README.md b/experiment/selinux/README.md
@@ -10,3 +10,9 @@ Please import and use this project.
 ```console
 $ cargo run
 ```
+
+You can create an selinux environment via the Vagrantfile.
+
+```console
+$ vagrant up
+```
diff --git a/experiment/selinux/Vagrantfile b/experiment/selinux/Vagrantfile
@@ -0,0 +1,19 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+Vagrant.configure("2") do |config|
+    config.vm.box = "generic/centos8"
+    config.vm.synced_folder '.', '/vagrant/youki', disabled: false
+
+    config.vm.provider "virtualbox" do |v|
+      v.memory = 4096
+      v.cpus = 4
+    end
+
+    config.vm.provision "shell", privileged: false, inline: <<-SHELL
+      curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+      . "$HOME/.cargo/env"
+      sudo sed -i -e 's|^mirrorlist|#mirrorlist|g' -e 's|^#baseurl=http://mirror|baseurl=http://vault|g' /etc/yum.repos.d/CentOS-*repo
+      sudo yum -y install gcc curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker autoconf wget make
+    SHELL
+end
diff --git a/experiment/selinux/src/main.rs b/experiment/selinux/src/main.rs
@@ -34,7 +34,7 @@ fn main() -> Result<()> {
     let file_path = Path::new("./test_file.txt");
     let _file = File::create(file_path)?;
     let selinux_label =
-        SELinuxLabel::try_from("unconfined_u:object_r:public_content_t:s1".to_string())?;
+        SELinuxLabel::try_from("system_u:object_r:public_content_t:s0".to_string())?;
     SELinux::set_file_label(file_path, selinux_label)?;
     let current_label = SELinux::file_label(file_path)?;
     println!("file label is {}", current_label);

diff --git a/experiment/selinux/src/tools/xattr.rs b/experiment/selinux/src/tools/xattr.rs
@@ -34,7 +34,7 @@ where
     // set_xattr sets extended attributes on a file specified by its path.
     fn set_xattr(&self, attr: &str, data: &[u8]) -> Result<(), XattrError> {
         let path = self.as_ref();
-        match rfs::setxattr(path, attr, data, rfs::XattrFlags::CREATE) {
+        match rfs::setxattr(path, attr, data, rfs::XattrFlags::REPLACE) {
             Ok(_) => Ok(()),
             Err(e) => {
                 let errno = e.raw_os_error();
@@ -50,7 +50,7 @@ where
     // lset_xattr sets extended attributes on a symbolic link.
     fn lset_xattr(&self, attr: &str, data: &[u8]) -> Result<(), XattrError> {
         let path = self.as_ref();
-        match rfs::lsetxattr(path, attr, data, rfs::XattrFlags::CREATE) {
+        match rfs::lsetxattr(path, attr, data, rfs::XattrFlags::REPLACE) {
             Ok(_) => Ok(()),
             Err(e) => {
                 let errno = e.raw_os_error();