Skip to content

Use SelinuxContext.SHARED by default #7187

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 10 commits into from
Jun 20, 2023
Merged

Use SelinuxContext.SHARED by default #7187

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
eb6a1d0
Use shared selinux context for filesystem binds
monosoul Dec 6, 2022
0ff9de1
Merge branch 'main' into patch-2
monosoul Dec 9, 2022
9e21007
Merge branch 'main' into patch-2
monosoul Dec 21, 2022
66e47b9
Merge branch 'main' into patch-2
monosoul Feb 1, 2023
04f3ccc
Merge branch 'main' into patch-2
monosoul Feb 7, 2023
1c17297
Update condition
eddumelendez Mar 2, 2023
caf655d
Fix test
eddumelendez Mar 2, 2023
c49d830
Fix format
eddumelendez Mar 2, 2023
53b3e34
Review feedback: only needs to mount on READ_WRITE access
Jun 12, 2023
30af360
Merge branch 'main' into patch-2
jeroen-vd-nl Jun 12, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions core/src/main/java/org/testcontainers/containers/Container.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ class ExecResult {
* @param mode the bind mode
*/
default void addFileSystemBind(final String hostPath, final String containerPath, final BindMode mode) {
addFileSystemBind(hostPath, containerPath, mode, SelinuxContext.NONE);
addFileSystemBind(hostPath, containerPath, mode, SelinuxContext.SHARED);
}

/**
Expand Down Expand Up @@ -303,7 +303,7 @@ default SELF withClasspathResourceMapping(
final String containerPath,
final BindMode mode
) {
withClasspathResourceMapping(resourcePath, containerPath, mode, SelinuxContext.NONE);
withClasspathResourceMapping(resourcePath, containerPath, mode, SelinuxContext.SHARED);
return self();
}

Expand Down
8 changes: 4 additions & 4 deletions core/src/main/java/org/testcontainers/containers/GenericContainer.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1290,7 +1290,7 @@ public SELF withClasspathResourceMapping(
final String containerPath,
final BindMode mode
) {
return withClasspathResourceMapping(resourcePath, containerPath, mode, SelinuxContext.NONE);
return withClasspathResourceMapping(resourcePath, containerPath, mode, SelinuxContext.SHARED);
}

/**
Expand All @@ -1305,10 +1305,10 @@ public SELF withClasspathResourceMapping(
) {
final MountableFile mountableFile = MountableFile.forClasspathResource(resourcePath);

if (mode == BindMode.READ_ONLY && selinuxContext == SelinuxContext.NONE) {
withCopyFileToContainer(mountableFile, containerPath);
} else {
if (mode == BindMode.READ_WRITE) {
addFileSystemBind(mountableFile.getResolvedPath(), containerPath, mode, selinuxContext);
} else {
withCopyFileToContainer(mountableFile, containerPath);
}

return self();
Expand Down
5 changes: 1 addition & 4 deletions core/src/test/java/org/testcontainers/junit/CopyFileToContainerTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,15 +49,12 @@ public void shouldUseCopyOnlyWithReadOnlyClasspathResources() {
String resource = "/test_copy_to_container.txt";
GenericContainer<?> container = new GenericContainer<>(TestImages.TINY_IMAGE)
.withClasspathResourceMapping(resource, "/readOnly", BindMode.READ_ONLY)
.withClasspathResourceMapping(resource, "/readOnlyNoSelinux", BindMode.READ_ONLY)
.withClasspathResourceMapping(resource, "/readOnlyShared", BindMode.READ_ONLY, SelinuxContext.SHARED)
.withClasspathResourceMapping(resource, "/readWrite", BindMode.READ_WRITE);

Map<MountableFile, String> copyMap = container.getCopyToFileContainerPathMap();
assertThat(copyMap).as("uses copy for read-only").containsValue("/readOnly");
assertThat(copyMap).as("uses copy for read-only and no Selinux").containsValue("/readOnlyNoSelinux");

assertThat(copyMap).as("uses mount for read-only with Selinux").doesNotContainValue("/readOnlyShared");
assertThat(copyMap).as("uses copy for read-only with Selinux").containsValue("/readOnlyShared");
assertThat(copyMap).as("uses mount for read-write").doesNotContainValue("/readWrite");
}

Expand Down