Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
openeuler
iSulad
提交
54c7c98e
I
iSulad
项目概览
openeuler
/
iSulad
通知
15
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
I
iSulad
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
54c7c98e
编写于
7月 17, 2020
作者:
L
lifeng68
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
selinux: fix memory leak in selinux
Signed-off-by:
N
lifeng68
<
lifeng68@huawei.com
>
上级
100d4e2e
变更
5
显示空白变更内容
内联
并排
Showing
5 changed file
with
41 addition
and
22 deletion
+41
-22
src/daemon/common/selinux_label.c
src/daemon/common/selinux_label.c
+7
-2
src/daemon/common/selinux_label.h
src/daemon/common/selinux_label.h
+1
-1
test/image/oci/storage/rootfs/storage_rootfs_ut.cpp
test/image/oci/storage/rootfs/storage_rootfs_ut.cpp
+12
-7
test/services/execution/execute/execution_extend/execution_extend_ut.cpp
...xecution/execute/execution_extend/execution_extend_ut.cpp
+5
-0
test/services/execution/spec/selinux_label_ut.cpp
test/services/execution/spec/selinux_label_ut.cpp
+16
-12
未找到文件。
src/daemon/common/selinux_label.c
浏览文件 @
54c7c98e
...
...
@@ -326,7 +326,7 @@ out:
}
/* selinux state free */
static
void
selinux_state_free
(
selinux_state
*
state
)
static
void
do_
selinux_state_free
(
selinux_state
*
state
)
{
if
(
state
==
NULL
)
{
return
;
...
...
@@ -363,7 +363,7 @@ static selinux_state *selinux_state_new(void)
return
state
;
error_out:
selinux_state_free
(
g_selinux_
state
);
do_selinux_state_free
(
state
);
return
NULL
;
}
...
...
@@ -378,6 +378,11 @@ int selinux_state_init(void)
return
0
;
}
void
selinux_state_free
()
{
do_selinux_state_free
(
g_selinux_state
);
}
/* MCS already exists */
static
bool
is_mcs_already_exists
(
const
char
*
mcs
)
{
...
...
src/daemon/common/selinux_label.h
浏览文件 @
54c7c98e
...
...
@@ -31,7 +31,7 @@ int relabel(const char *path, const char *file_label, bool shared);
int
get_disable_security_opt
(
char
***
labels
,
size_t
*
labels_len
);
int
dup_security_opt
(
const
char
*
src
,
char
***
dst
,
size_t
*
len
);
char
*
selinux_format_mountlabel
(
const
char
*
src
,
const
char
*
mount_label
);
void
selinux_state_free
();
#ifdef __cplusplus
}
#endif
...
...
test/image/oci/storage/rootfs/storage_rootfs_ut.cpp
浏览文件 @
54c7c98e
...
...
@@ -127,7 +127,9 @@ TEST_F(StorageRootfsUnitTest, test_rootfs_load)
ASSERT_EQ
(
cntr
->
names_len
,
1
);
ASSERT_STREQ
(
cntr
->
names
[
0
],
"0e025f44cdca20966a5e5f11e1d9d8eb726aef2d38ed20f89ea986987c2010a9"
);
ASSERT_EQ
(
rootfs_store_set_big_data
(
ids
.
at
(
0
).
c_str
(),
"userdata"
,
BIG_DATA_CONTENT
.
c_str
()),
0
);
ASSERT_STREQ
(
rootfs_store_big_data
(
ids
.
at
(
0
).
c_str
(),
"userdata"
),
BIG_DATA_CONTENT
.
c_str
());
char
*
userdata_tmp
=
NULL
;
userdata_tmp
=
rootfs_store_big_data
(
ids
.
at
(
0
).
c_str
(),
"userdata"
);
ASSERT_STREQ
(
userdata_tmp
,
BIG_DATA_CONTENT
.
c_str
());
ASSERT_EQ
(
rootfs_store_set_metadata
(
ids
.
at
(
0
).
c_str
(),
META_DATA_CONTENT
.
c_str
()),
0
);
cntr_tmp
=
rootfs_store_get_rootfs
(
ids
.
at
(
0
).
c_str
());
...
...
@@ -137,6 +139,7 @@ TEST_F(StorageRootfsUnitTest, test_rootfs_load)
free_storage_rootfs
(
cntr
);
free_storage_rootfs
(
cntr_tmp
);
free
(
userdata_tmp
);
}
TEST_F
(
StorageRootfsUnitTest
,
test_rootfs_store_create
)
...
...
@@ -149,11 +152,11 @@ TEST_F(StorageRootfsUnitTest, test_rootfs_store_create)
std
::
string
layer_without_id
{
"h88ca140c6716a68d7bba0fe6529334e98de529bd8fb7agf3a21f08e772629a9"
};
std
::
string
metadata
{
"{}"
};
char
*
created_container
=
rootfs_store_create
(
id
.
c_str
(),
names_with_id
,
sizeof
(
names_with_id
)
/
sizeof
(
names_with_id
[
0
]),
image
.
c_str
(),
layer_with_id
.
c_str
(),
metadata
.
c_str
(),
nullptr
);
char
*
container_without_id
=
rootfs_store_create
(
nullptr
,
names_without_id
,
sizeof
(
names_without_id
)
/
sizeof
(
names_without_id
[
0
]),
image
.
c_str
(
),
layer_without_id
.
c_str
(),
metadata
.
c_str
(),
nullptr
);
sizeof
(
names_with_id
)
/
sizeof
(
names_with_id
[
0
]),
image
.
c_str
(),
layer_with_id
.
c_str
(),
metadata
.
c_str
(),
nullptr
);
char
*
container_without_id
=
rootfs_store_create
(
nullptr
,
names_without_id
,
sizeof
(
names_without_id
)
/
sizeof
(
names_without_id
[
0
]
),
image
.
c_str
(),
layer_without_id
.
c_str
(),
metadata
.
c_str
(),
nullptr
);
ASSERT_STREQ
(
created_container
,
id
.
c_str
());
ASSERT_NE
(
container_without_id
,
nullptr
);
...
...
@@ -161,6 +164,8 @@ TEST_F(StorageRootfsUnitTest, test_rootfs_store_create)
ASSERT_EQ
(
rootfs_store_get_rootfs
(
id
.
c_str
()),
nullptr
);
ASSERT_EQ
(
rootfs_store_delete
(
container_without_id
),
0
);
ASSERT_FALSE
(
dirExists
((
std
::
string
(
store_real_path
)
+
"/"
+
id
).
c_str
()));
free
(
created_container
);
free
(
container_without_id
);
}
TEST_F
(
StorageRootfsUnitTest
,
test_rootfs_store_lookup
)
...
...
test/services/execution/execute/execution_extend/execution_extend_ut.cpp
浏览文件 @
54c7c98e
...
...
@@ -135,6 +135,7 @@ container_t *invokeContainersStoreGet(const char *id_or_name)
container_t
*
cont
=
(
container_t
*
)
util_common_calloc_s
(
sizeof
(
container_t
));
cont
->
common_config
=
(
container_config_v2_common_config
*
)
util_common_calloc_s
(
sizeof
(
container_config_v2_common_config
));
cont
->
refcnt
=
1
;
return
cont
;
}
...
...
@@ -221,6 +222,8 @@ TEST_F(ExecutionExtendUnitTest, test_container_extend_callback_init_pause)
testing
::
Mock
::
VerifyAndClearExpectations
(
&
m_containersGc
);
testing
::
Mock
::
VerifyAndClearExpectations
(
&
m_containersOperator
);
testing
::
Mock
::
VerifyAndClearExpectations
(
&
m_containerUnix
);
free_container_pause_request
(
request
);
free_container_pause_response
(
response
);
}
TEST_F
(
ExecutionExtendUnitTest
,
test_container_extend_callback_init_resume
)
...
...
@@ -246,4 +249,6 @@ TEST_F(ExecutionExtendUnitTest, test_container_extend_callback_init_resume)
testing
::
Mock
::
VerifyAndClearExpectations
(
&
m_containersGc
);
testing
::
Mock
::
VerifyAndClearExpectations
(
&
m_containersOperator
);
testing
::
Mock
::
VerifyAndClearExpectations
(
&
m_containerUnix
);
free_container_resume_request
(
request
);
free_container_resume_response
(
response
);
}
test/services/execution/spec/selinux_label_ut.cpp
浏览文件 @
54c7c98e
...
...
@@ -36,8 +36,7 @@ protected:
}
void
TearDown
()
override
{
std
::
cout
<<
"selinux_state is the resident memory of the daemon."
<<
" The process exits and the memory is automatically released."
<<
std
::
endl
;
selinux_state_free
();
}
};
...
...
@@ -55,8 +54,10 @@ TEST_F(SELinuxLabelUnitTest, test_init_label_normal)
std
::
make_tuple
(
user_label
,
1
,
0
,
"fakeuser:system_r:container_t:s0"
,
"fakeuser:object_r:container_file_t:s0"
),
std
::
make_tuple
(
role_label
,
1
,
0
,
"system_u:fakerole:container_t:s0"
,
"system_u:object_r:container_file_t:s0"
),
std
::
make_tuple
(
type_label
,
1
,
0
,
"system_u:system_r:faketype:s0"
,
"system_u:object_r:container_file_t:s0"
),
std
::
make_tuple
(
level_label
,
1
,
0
,
"system_u:system_r:container_t:s0:c1,c2"
,
"system_u:object_r:container_file_t:s0:c1,c2"
),
std
::
make_tuple
(
full_label
,
4
,
0
,
"fakeuser:fakerole:faketype:s0:c1,c2"
,
"fakeuser:object_r:container_file_t:s0:c1,c2"
),
std
::
make_tuple
(
level_label
,
1
,
0
,
"system_u:system_r:container_t:s0:c1,c2"
,
"system_u:object_r:container_file_t:s0:c1,c2"
),
std
::
make_tuple
(
full_label
,
4
,
0
,
"fakeuser:fakerole:faketype:s0:c1,c2"
,
"fakeuser:object_r:container_file_t:s0:c1,c2"
),
std
::
make_tuple
(
nullptr
,
0
,
0
,
"system_u:system_r:container_t:s0"
,
"system_u:object_r:container_file_t:s0"
),
};
...
...
@@ -176,10 +177,14 @@ protected:
TEST_F
(
SELinuxRelabelUnitTest
,
test_relabel_normal
)
{
std
::
vector
<
std
::
tuple
<
std
::
string
,
bool
,
int
,
std
::
string
>>
normal
{
std
::
make_tuple
(
"system_u:object_r:container_file_t:s0:c100,c200"
,
false
,
0
,
"system_u:object_r:container_file_t:s0:c100,c200"
),
std
::
make_tuple
(
"system_u:object_r:container_file_t:s0:c300,c300"
,
false
,
0
,
"system_u:object_r:container_file_t:s0:c300"
),
std
::
make_tuple
(
"system_u:object_r:container_file_t:s0:c100,c200"
,
true
,
0
,
"system_u:object_r:container_file_t:s0"
),
std
::
make_tuple
(
"system_u:object_r:container_file_t:s0:c300,c300"
,
true
,
0
,
"system_u:object_r:container_file_t:s0"
),
std
::
make_tuple
(
"system_u:object_r:container_file_t:s0:c100,c200"
,
false
,
0
,
"system_u:object_r:container_file_t:s0:c100,c200"
),
std
::
make_tuple
(
"system_u:object_r:container_file_t:s0:c300,c300"
,
false
,
0
,
"system_u:object_r:container_file_t:s0:c300"
),
std
::
make_tuple
(
"system_u:object_r:container_file_t:s0:c100,c200"
,
true
,
0
,
"system_u:object_r:container_file_t:s0"
),
std
::
make_tuple
(
"system_u:object_r:container_file_t:s0:c300,c300"
,
true
,
0
,
"system_u:object_r:container_file_t:s0"
),
};
if
(
!
is_selinux_enabled
())
{
...
...
@@ -234,4 +239,3 @@ TEST_F(SELinuxRelabelUnitTest, test_get_disable_security_opt)
util_free_array
(
labels
);
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录