Tap plugin

This PR adds a plugin to create tap devices. The plugin adds a tap device to the container. The plugin has a workaround for a golang netlink library which does not allow for tap devices with no owner/group to be created. When no tap owner/group is requested, the plugin will fall back to using the ip tool for creating the tap device. A fix to the golang netlink lib is pending. Signed-off-by: mmirecki <mmirecki@redhat.com>
2022-11-17 16:09:26 +01:00
parent 98e01b7c80
commit 01d0031487
27 changed files with 4351 additions and 0 deletions
--- a/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
+++ b/vendor/github.com/opencontainers/selinux/go-selinux/selinux_stub.go
@ -0,0 +1,154 @@
+// +build !linux
+
+package selinux
+
+const privContainerMountLabel = ""
+
+func setDisabled() {
+}
+
+func getEnabled() bool {
+	return false
+}
+
+func classIndex(class string) (int, error) {
+	return -1, nil
+}
+
+func setFileLabel(fpath string, label string) error {
+	return nil
+}
+
+func fileLabel(fpath string) (string, error) {
+	return "", nil
+}
+
+func setFSCreateLabel(label string) error {
+	return nil
+}
+
+func fsCreateLabel() (string, error) {
+	return "", nil
+}
+
+func currentLabel() (string, error) {
+	return "", nil
+}
+
+func pidLabel(pid int) (string, error) {
+	return "", nil
+}
+
+func execLabel() (string, error) {
+	return "", nil
+}
+
+func canonicalizeContext(val string) (string, error) {
+	return "", nil
+}
+
+func computeCreateContext(source string, target string, class string) (string, error) {
+	return "", nil
+}
+
+func calculateGlbLub(sourceRange, targetRange string) (string, error) {
+	return "", nil
+}
+
+func setExecLabel(label string) error {
+	return nil
+}
+
+func setTaskLabel(label string) error {
+	return nil
+}
+
+func setSocketLabel(label string) error {
+	return nil
+}
+
+func socketLabel() (string, error) {
+	return "", nil
+}
+
+func peerLabel(fd uintptr) (string, error) {
+	return "", nil
+}
+
+func setKeyLabel(label string) error {
+	return nil
+}
+
+func keyLabel() (string, error) {
+	return "", nil
+}
+
+func (c Context) get() string {
+	return ""
+}
+
+func newContext(label string) (Context, error) {
+	c := make(Context)
+	return c, nil
+}
+
+func clearLabels() {
+}
+
+func reserveLabel(label string) {
+}
+
+func enforceMode() int {
+	return Disabled
+}
+
+func setEnforceMode(mode int) error {
+	return nil
+}
+
+func defaultEnforceMode() int {
+	return Disabled
+}
+
+func releaseLabel(label string) {
+}
+
+func roFileLabel() string {
+	return ""
+}
+
+func kvmContainerLabels() (string, string) {
+	return "", ""
+}
+
+func initContainerLabels() (string, string) {
+	return "", ""
+}
+
+func containerLabels() (processLabel string, fileLabel string) {
+	return "", ""
+}
+
+func securityCheckContext(val string) error {
+	return nil
+}
+
+func copyLevel(src, dest string) (string, error) {
+	return "", nil
+}
+
+func chcon(fpath string, label string, recurse bool) error {
+	return nil
+}
+
+func dupSecOpt(src string) ([]string, error) {
+	return nil, nil
+}
+
+func disableSecOpt() []string {
+	return []string{"disable"}
+}
+
+func getDefaultContextWithLevel(user, level, scon string) (string, error) {
+	return "", nil
+}