diff --git a/.github/workflows/testing.yaml b/.github/workflows/testing.yaml index 8d5d53a..0210fa5 100644 --- a/.github/workflows/testing.yaml +++ b/.github/workflows/testing.yaml @@ -37,7 +37,7 @@ jobs: - name: Run unit tests run: | - RUNNER_IMG=localhost/kantra:latest go test ./... + RUNNER_IMG=localhost/kantra:latest DISABLE_RELABEL=true go test ./... - name: Fetch sample applications run: | @@ -46,7 +46,7 @@ jobs: - name: Run analysis test and copy output run: | - RUNNER_IMG=localhost/kantra:latest ./kantra analyze --input $(pwd)/example-applications/example-1/ --output ./output/ --rules ./test-data/jni-native-code-test.windup.xml --target cloud-readiness + RUNNER_IMG=localhost/kantra:latest DISABLE_RELABEL=true ./kantra analyze --input $(pwd)/example-applications/example-1/ --output ./output/ --rules ./test-data/jni-native-code-test.windup.xml --target cloud-readiness # TODO (pgaikwad): Change this to a yaml test and run `kantra test` - name: Fail if analysis output does not match expected diff --git a/cmd/analyze.go b/cmd/analyze.go index cbb07a7..d456526 100644 --- a/cmd/analyze.go +++ b/cmd/analyze.go @@ -821,6 +821,7 @@ func (a *analyzeCommand) RunProviders(ctx context.Context, networkName string, v container.WithDetachedMode(true), container.WithCleanup(a.cleanup), container.WithNetwork(networkName), + container.WithSELinuxRelabel(!Settings.DisableSelRelabel), ) if err != nil { err := a.retryProviderContainer(ctx, networkName, volName, providers, retry) @@ -939,6 +940,7 @@ func (a *analyzeCommand) RunAnalysis(ctx context.Context, xmlOutputDir string, v container.WithNetwork(fmt.Sprintf("container:%v", a.providerContainerNames[0])), container.WithContainerToolBin(Settings.PodmanBinary), container.WithCleanup(a.cleanup), + container.WithSELinuxRelabel(!Settings.DisableSelRelabel), ) if err != nil { return err diff --git a/cmd/settings.go b/cmd/settings.go index 15cd3bf..df1a8c9 100644 --- a/cmd/settings.go +++ b/cmd/settings.go 
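Review bot: With `DISABLE_RELABEL=true` now set on both the unit-test step and the `kantra analyze` step, the steps visible in this workflow no longer exercise the default path where volumes are mounted with `:z`, so a regression in the relabel-enabled code would not be caught here. The reason for switching it off in CI is not recorded either. A comment above the first `run:` such as `# DISABLE_RELABEL=true: mount volumes without the SELinux ":z" option on this runner` would document it, and a step or job that leaves the variable unset would keep the default covered. The second hunk of this file has the same gap.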
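Review bot: The relabel option is passed only at the two call sites touched here, while the error branch in `RunProviders` immediately calls `a.retryProviderContainer(ctx, networkName, volName, providers, retry)`, whose body is not part of this diff. If that helper, or any other container start in `cmd/`, builds its own option list, it keeps the `enableSelinuxRelabel: true` default from `NewContainer` and will still mount with `:z` when `DISABLE_RELABEL` is set. Each such call would need `container.WithSELinuxRelabel(!Settings.DisableSelRelabel),` as well. Both `RunProviders` and `RunAnalysis` start and end outside their hunks, so this could not be confirmed from the lines shown.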
@@ -27,6 +27,7 @@ type Config struct { RunnerImage string `env:"RUNNER_IMG" default:"quay.io/konveyor/kantra"` JvmMaxMem string `env:"JVM_MAX_MEM" default:""` RunLocal bool `env:"RUN_LOCAL"` + DisableSelRelabel bool `env:"DISABLE_RELABEL"` JavaProviderImage string `env:"JAVA_PROVIDER_IMG" default:"quay.io/konveyor/java-external-provider:latest"` GenericProviderImage string `env:"GENERIC_PROVIDER_IMG" default:"quay.io/konveyor/generic-external-provider:latest"` DotNetProviderImage string `env:"DOTNET_PROVIDER_IMG" default:"quay.io/konveyor/dotnet-external-provider:latest"` diff --git a/pkg/container/container.go b/pkg/container/container.go index 1c6d974..03976e3 100644 --- a/pkg/container/container.go +++ b/pkg/container/container.go @@ -18,15 +18,16 @@ import ( ) type container struct { - stdout []io.Writer - stderr []io.Writer - Name string - image string - NetworkName string - entrypointBin string - entrypointArgs []string - workdir string - env map[string]string + stdout []io.Writer + stderr []io.Writer + Name string + image string + NetworkName string + entrypointBin string + entrypointArgs []string + workdir string + env map[string]string + enableSelinuxRelabel bool // whether to delete container after run() cleanup bool // map of source -> dest paths to mount @@ -136,6 +137,12 @@ func WithReproduceCmd(r *string) Option { } } +func WithSELinuxRelabel(r bool) Option { + return func(c *container) { + c.enableSelinuxRelabel = r + } +} + func RandomName() string { rand.Seed(int64(time.Now().Nanosecond())) charset := "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" 
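Review bot: `DisableSelRelabel` is a security-relevant switch with no comment, and its env name `DISABLE_RELABEL` does not mention SELinux, so an operator cannot tell from the config what it changes. Going by the `Run` hunk in `pkg/container/container.go`, it decides whether linux volume mounts get the `:z` option, which makes the container tool rewrite the SELinux label on the host source path. I would add `// DisableSelRelabel mounts volumes without the SELinux ":z" relabel option; on enforcing hosts the source paths must already carry a label the container may access.` above the field. The `Config` struct continues outside the hunk.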
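Review bot: The exported option `WithSELinuxRelabel` has no doc comment, and the new `enableSelinuxRelabel` field in the struct hunk above is also uncommented while its neighbours (`cleanup`, the volume map) are. Suggested: `// WithSELinuxRelabel sets whether Run adds the ":z" relabel option to volume mounts on linux (default true).` on the function and `// whether to append ":z" to volume mounts on linux` on the field. Both statements follow from the `NewContainer` default and the `os == "linux" && c.enableSelinuxRelabel` check later in this diff.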
@@ -148,15 +155,16 @@ func RandomName() string { func NewContainer() *container { return &container{ - image: "", - containerToolBin: "podman", - entrypointArgs: []string{}, - volumes: make(map[string]string), - stdout: []io.Writer{os.Stdout}, - env: map[string]string{}, - stderr: []io.Writer{os.Stderr}, - Name: RandomName(), - NetworkName: "", + image: "", + containerToolBin: "podman", + entrypointArgs: []string{}, + volumes: make(map[string]string), + stdout: []io.Writer{os.Stdout}, + env: map[string]string{}, + stderr: []io.Writer{os.Stderr}, + enableSelinuxRelabel: true, + Name: RandomName(), + NetworkName: "", // by default, remove the container after run() cleanup: true, cFlag: false, @@ -199,7 +207,7 @@ func (c *container) Run(ctx context.Context, opts ...Option) error { } for sourcePath, destPath := range c.volumes { args = append(args, "-v") - if os == "linux" { + if os == "linux" && c.enableSelinuxRelabel { args = append(args, fmt.Sprintf("%s:%s:z", filepath.Clean(sourcePath), path.Clean(destPath))) } else {