[docker] Fix runtime check_is_active sysroot consideration #3375
Conversation
A runtime's `check_is_active()` does not get passed a sysroot at any point, so the docker runtime abstraction should just use the policy sysroot directly. Additionally, `check_can_copy()` should be simplified to simply return the already-determined active state of the runtime. Signed-off-by: Jake Hunsaker <[email protected]>
|
Congratulations! One of the builds has completed. 🍾 You can install the built RPMs by following these steps:
Please note that the RPMs should be used only in a testing environment. |
| (self.policy.init_system.is_running('docker') or | ||
| self.policy.init_system.is_running('snap.docker.dockerd'))): | ||
| self.active = True | ||
| return True | ||
| return False | ||
|
|
||
| def check_can_copy(self): | ||
| return self.check_is_active(sysroot=self.policy.sysroot) | ||
| return self.active |
There was a problem hiding this comment.
self.active = False until check_is_active is called (applies both for ContainerRuntime and DockerContainerRuntime). Can't we get wrong False return here just because we haven't called check_is_active?
There was a problem hiding this comment.
In the current flow, no, because a runtime is only loaded if check_is_active() returns True when the policy is loaded. If this call returns False during policy instantiation, we drop the runtime entirely.
If someone were to separately try to leverage a runtime here, theoretically yes they could end up calling this before check_is_acitve(), but that's not something we support.
A runtime's
check_is_active()does not get passed a sysroot at any point, so the docker runtime abstraction should just use the policy sysroot directly.Additionally,
check_can_copy()should be simplified to simply return the already-determined active state of the runtime.Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines