Feat: select valid modules before create filesystem

coreos · Nov 6, 2023 · 47092de · 47092de
1 parent 5a92e5c
commit 47092de
Showing 1 changed file with 44 additions and 37 deletions.
diff --git a/config/fcos/v1_6_exp/translate.go b/config/fcos/v1_6_exp/translate.go
@@ -382,53 +382,60 @@ func (c Config) handleSelinux(options common.TranslateOptions) (types.Config, tr
 	var r report.Report
 	yamlPath := path.New("yaml", "selinux", "module")
 
-	// create boot filesystem
-	rendered.Storage.Filesystems = append(rendered.Storage.Filesystems,
-		types.Filesystem{
-			Device: "/dev/disk/by-label/boot",
-			Format: util.StrToPtr("ext4"),
-			Path:   util.StrToPtr("/boot"),
-		})
+	hasValidModule := false
 
-	// this should happen as many times as there are modules
 	for _, module := range c.Selinux.Module {
-
-		src, compression, err := baseutil.MakeDataURL([]byte(module.Content), nil, !options.NoResourceAutoCompression)
-		if err != nil {
-			r.AddOnError(yamlPath, err)
-			return rendered, ts, r
+		if module.Name != "" && module.Content == "" || module.Content != "" && module.Name == "" || module.Name == "" && module.Content == "" {
+			r.AddOnWarn(path.New("yaml", "selinux", "module"), common.ErrFieldInvalid)
+		} else {
+			hasValidModule = true
+			break
 		}
 
-		filePath := fmt.Sprintf("/etc/selinux/targeted/modules/active/extra/%s.cil", module.Name)
-
-		rendered.Storage.Files = append(rendered.Storage.Files,
-			types.File{
-				Node: types.Node{
-					Path: filePath,
-				},
-				FileEmbedded1: types.FileEmbedded1{
-					Append: []types.Resource{
-						{
-							Source:      util.StrToPtr(src),
-							Compression: compression,
-						},
-					},
-				},
-			})
+		if hasValidModule {
+			rendered.Storage.Filesystems = append(rendered.Storage.Filesystems,
+				types.Filesystem{
+					Device: "/dev/disk/by-label/boot",
+					Format: util.StrToPtr("ext4"),
+					Path:   util.StrToPtr("/boot"),
+				})
 
-		if module.Name != "" {
-			commandToExecute := "semodule -i"
-			cmd := exec.Command(commandToExecute, filePath)
-			err := cmd.Run()
+			src, compression, err := baseutil.MakeDataURL([]byte(module.Content), nil, !options.NoResourceAutoCompression)
 			if err != nil {
-				fmt.Printf("Error running semodule %v", module.Name)
+				r.AddOnError(yamlPath, err)
+				return rendered, ts, r
 			}
 
-			fmt.Printf("SELinux module file imported successfully\n")
+			if module.Name != "" {
+				filePath := fmt.Sprintf("/etc/selinux/targeted/modules/active/extra/%s.cil", module.Name)
 
-		}
-		ts.AddFromCommonSource(yamlPath, path.New("json", "storage"), rendered.Storage)
+				rendered.Storage.Files = append(rendered.Storage.Files,
+					types.File{
+						Node: types.Node{
+							Path: filePath,
+						},
+						FileEmbedded1: types.FileEmbedded1{
+							Append: []types.Resource{
+								{
+									Source:      util.StrToPtr(src),
+									Compression: compression,
+								},
+							},
+						},
+					})
 
+				commandToExecute := "semodule -i"
+				cmd := exec.Command(commandToExecute, filePath)
+				err := cmd.Run()
+				if err != nil {
+					fmt.Printf("Error running semodule %v", module.Name)
+				}
+
+				fmt.Printf("SELinux module file imported successfully\n")
+
+				ts.AddFromCommonSource(yamlPath, path.New("json", "storage"), rendered.Storage)
+			}
+		}
 	}
 
 	return rendered, ts, r