Skip to content

selinux_linux: fix path in execLabel()#253

Merged
kolyshkin merged 2 commits intoopencontainers:mainfrom
mschiff:main
Apr 18, 2026
Merged

selinux_linux: fix path in execLabel()#253
kolyshkin merged 2 commits intoopencontainers:mainfrom
mschiff:main

Conversation

@mschiff
Copy link
Copy Markdown
Contributor

@mschiff mschiff commented Apr 17, 2026

execLabel() was trying to read /proc/thread-self/exec instead of /proc/thread-self/attr/exec

@kolyshkin
Copy link
Copy Markdown
Collaborator

kolyshkin commented Apr 17, 2026
edited
Loading

@mschiff thank you! The fix is correct (and the issue is introduced in commit c8cfa6f). Unfortunately it was missed during a review, and we don't have a test case to catch that.

I have force-pushed to your branch to fix the missing Signed-off-by and add a second commit with the test case.

The test fails before the fix like this:

=== RUN   TestExecLabel
    selinux_linux_test.go:236: open /proc/thread-self/exec handle: unsafe procfs detected: openat2 /proc/thread-self/exec: no such file or directory
--- FAIL: TestExecLabel (0.00s)

@kolyshkin
Copy link
Copy Markdown
Collaborator

kolyshkin commented Apr 17, 2026

@thaJeztah PTAL

thaJeztah
thaJeztah approved these changes Apr 18, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@thaJeztah thaJeztah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thx!

mschiff and others added 2 commits April 18, 2026 16:41
@mschiff @kolyshkin
selinux_linux: fix path in execLabel()
d373fd1 
Fixes: c8cfa6f ("selinux: migrate to pathrs-lite procfs API")
Signed-off-by: Marc Schiffbauer <mschiff@gentoo.org>
@kolyshkin
Add a test case for ExecLabel/SetExecLabel
3d7aa10 
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
@kolyshkin kolyshkin merged commit e624db9 into opencontainers:main Apr 18, 2026
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thaJeztah thaJeztah thaJeztah approved these changes

@kolyshkin kolyshkin kolyshkin approved these changes

@mrunalp mrunalp Awaiting requested review from mrunalp mrunalp is a code owner

@rhatdan rhatdan Awaiting requested review from rhatdan rhatdan is a code owner

@runcom runcom Awaiting requested review from runcom runcom is a code owner

@cyphar cyphar Awaiting requested review from cyphar cyphar is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mschiff @kolyshkin @thaJeztah