Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Use a native library for SELinux in wwclient #2042

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Use a native library for SELinux in wwclient #2042

wants to merge 1 commit into from

Conversation

@anderbubble
Copy link
Collaborator

@anderbubble anderbubble commented Oct 16, 2025

Description of the Pull Request (PR):

This removes the dependency on shelling out to commands in the image.

Done on the side while working on #1997.

Reviewer checklist

The reviewer checks the following items before merging the PR.

  • The PR is based on the appropriate branch (typically main)
  • All commits are "Signed off" (e.g., using git commit --signoff) in agreement to the DCO
  • The CHANGELOG has been updated, if necessary, and under the correct release heading
  • The userdocs have been updated, if necessary
  • The submitter is listed in the contributors file
  • The test suite has been updated, if necessary

@anderbubble anderbubble added this to the v4.6.5 milestone Oct 16, 2025
@anderbubble anderbubble self-assigned this Oct 16, 2025
Copilot AI reviewed Oct 16, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR replaces shell command dependencies with a native Go library for SELinux operations in wwclient, improving reliability and reducing external dependencies.

Key changes:

  • Replace custom SELinux detection with github.com/opencontainers/selinux library
  • Eliminate shell commands (matchpathcon, restorecon, chcon) in favor of native Go API calls
  • Improve SELinux context handling logic with better fallback mechanisms

Reviewed Changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

File Description
internal/app/wwclient/root.go Replace shell-based SELinux operations with native library calls and improved context handling logic
go.mod Add opencontainers/selinux v1.11.1 dependency
CHANGELOG.md Document the SELinux implementation change

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@anderbubble anderbubble marked this pull request as draft October 16, 2025 17:34
@anderbubble
Copy link
Collaborator Author

anderbubble commented Oct 16, 2025

I'll resolve the conflict and address the Copilot comments.

@anderbubble anderbubble force-pushed the native-wwclient-selinux branch 2 times, most recently from 0817842 to c3356e4 Compare October 16, 2025 17:42
@anderbubble anderbubble marked this pull request as ready for review October 16, 2025 17:42
@anderbubble anderbubble requested a review from Copilot October 16, 2025 17:42
Copilot AI reviewed Oct 16, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

Copilot reviewed 3 out of 4 changed files in this pull request and generated 2 comments.

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@anderbubble
Use a native library for SELinux in wwclient
30c9b7a 
This removes the dependency on shelling out to commands in the image.

Signed-off-by: Jonathon Anderson <[email protected]>
@anderbubble anderbubble force-pushed the native-wwclient-selinux branch from c3356e4 to 30c9b7a Compare October 16, 2025 17:46
@middelkoopt
Copy link
Contributor

middelkoopt commented Oct 30, 2025

@anderbubble is this obsoleted by #2055?

@anderbubble
Copy link
Collaborator Author

anderbubble commented Oct 30, 2025

@middelkoopt this is not obsoleted by #2055, but is work that I discovered in parallel with that. I think it should still be applied.

middelkoopt
middelkoopt approved these changes Oct 31, 2025
View reviewed changes
Copy link
Contributor

@middelkoopt middelkoopt left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR and approach looks good. Lightly tested on my test cluster.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@middelkoopt middelkoopt middelkoopt approved these changes

@mslacken mslacken Awaiting requested review from mslacken

Assignees

@anderbubble anderbubble

Labels

wwclient

Projects

None yet

Milestone

v4.6.5

Development

Successfully merging this pull request may close these issues.

2 participants

@anderbubble @middelkoopt