Remove mountLabel

bitoku · bitoku · commit e042f84b2326 · 2025-05-01T12:33:05.000Z
Signed-off-by: Ayato Tokubi &lt;atokubi@redhat.com&gt;
diff --git a/server/container_create.go b/server/container_create.go
@@ -837,7 +837,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, ctr container.Conta
 		}
 	}()
 
-	containerVolumes, ociMounts, safeMounts, err := s.addOCIBindMounts(ctx, ctr, mountLabel, maybeRelabel, skipRelabel, cgroup2RW, idMapSupport, rroSupport, s.ContainerServer.Config().Root, containerInfo.RunDir)
+	containerVolumes, ociMounts, safeMounts, err := s.addOCIBindMounts(ctx, ctr, &containerInfo, maybeRelabel, skipRelabel, cgroup2RW, idMapSupport, rroSupport, s.ContainerServer.Config().Root, containerInfo.RunDir)
 	if err != nil {
 		return nil, err
 	}
diff --git a/server/container_create_linux.go b/server/container_create_linux.go
@@ -28,6 +28,7 @@ import (
 	"github.com/cri-o/cri-o/internal/log"
 	"github.com/cri-o/cri-o/internal/oci"
 	"github.com/cri-o/cri-o/internal/ociartifact"
+	"github.com/cri-o/cri-o/internal/storage"
 	crioann "github.com/cri-o/cri-o/pkg/annotations"
 )
 
@@ -146,7 +147,7 @@ func clearReadOnly(m *rspec.Mount) {
 	m.Options = append(m.Options, "rw")
 }
 
-func (s *Server) addOCIBindMounts(ctx context.Context, ctr ctrfactory.Container, mountLabel string, maybeRelabel, skipRelabel, cgroup2RW, idMapSupport, rroSupport bool, storageRoot, runDir string) ([]oci.ContainerVolume, []rspec.Mount, []*safeMountInfo, error) {
+func (s *Server) addOCIBindMounts(ctx context.Context, ctr ctrfactory.Container, ctrInfo *storage.ContainerInfo, maybeRelabel, skipRelabel, cgroup2RW, idMapSupport, rroSupport bool, storageRoot, runDir string) ([]oci.ContainerVolume, []rspec.Mount, []*safeMountInfo, error) {
 	ctx, span := log.StartSpan(ctx)
 	defer span.End()
 
@@ -212,7 +213,7 @@ func (s *Server) addOCIBindMounts(ctx context.Context, ctr ctrfactory.Container,
 		if m.GetImage().GetImage() != "" {
 			if s.config.OCIArtifactMountSupport {
 				// Try mountArtifact first, and fall back to mountImage if it fails with ErrNotFound
-				artifactVolumes, err := s.mountArtifact(ctx, specgen, m, mountLabel, skipRelabel, maybeRelabel)
+				artifactVolumes, err := s.mountArtifact(ctx, specgen, m, ctrInfo.MountLabel, skipRelabel, maybeRelabel)
 				if err == nil {
 					volumes = append(volumes, artifactVolumes...)
 
@@ -355,7 +356,7 @@ func (s *Server) addOCIBindMounts(ctx context.Context, ctr ctrfactory.Container,
 		if m.SelinuxRelabel {
 			if skipRelabel {
 				log.Debugf(ctx, "Skipping relabel for %s because of super privileged container (type: spc_t)", src)
-			} else if err := securityLabel(src, mountLabel, false, maybeRelabel); err != nil {
+			} else if err := securityLabel(src, ctrInfo.MountLabel, false, maybeRelabel); err != nil {
 				return nil, nil, nil, err
 			}
 		} else {
diff --git a/server/container_create_linux_test.go b/server/container_create_linux_test.go
@@ -1,6 +1,7 @@
 package server
 
 import (
+	"github.com/cri-o/cri-o/internal/storage"
 	"testing"
 
 	types "k8s.io/cri-api/pkg/apis/runtime/v1"
@@ -33,8 +34,11 @@ func TestAddOCIBindsForDev(t *testing.T) {
 	}
 
 	sut := &Server{}
+	ctrInfo := &storage.ContainerInfo{
+		MountLabel: "",
+	}
 
-	_, binds, _, err := sut.addOCIBindMounts(t.Context(), ctr, "", false, false, false, false, false, "", "")
+	_, binds, _, err := sut.addOCIBindMounts(t.Context(), ctr, ctrInfo, false, false, false, false, false, "", "")
 	if err != nil {
 		t.Error(err)
 	}
@@ -85,8 +89,11 @@ func TestAddOCIBindsForSys(t *testing.T) {
 	}
 
 	sut := &Server{}
+	ctrInfo := &storage.ContainerInfo{
+		MountLabel: "",
+	}
 
-	_, binds, _, err := sut.addOCIBindMounts(t.Context(), ctr, "", false, false, false, false, false, "", "")
+	_, binds, _, err := sut.addOCIBindMounts(t.Context(), ctr, ctrInfo, false, false, false, false, false, "", "")
 	if err != nil {
 		t.Error(err)
 	}
@@ -139,8 +146,11 @@ func TestAddOCIBindsRROMounts(t *testing.T) {
 	ctx := t.Context()
 
 	sut := &Server{}
+	ctrInfo := &storage.ContainerInfo{
+		MountLabel: "",
+	}
 
-	_, binds, _, err := sut.addOCIBindMounts(ctx, ctr, "", false, false, false, false, true, "", "")
+	_, binds, _, err := sut.addOCIBindMounts(ctx, ctr, ctrInfo, false, false, false, false, true, "", "")
 	if err != nil {
 		t.Errorf("Should not fail to create RRO mount, got: %v", err)
 	}
@@ -237,8 +247,11 @@ func TestAddOCIBindsRROMountsError(t *testing.T) {
 			}
 
 			sut := &Server{}
+			ctrInfo := &storage.ContainerInfo{
+				MountLabel: "",
+			}
 
-			_, _, _, err = sut.addOCIBindMounts(ctx, ctr, "", false, false, false, false, tc.rroSupport, "", "")
+			_, _, _, err = sut.addOCIBindMounts(ctx, ctr, ctrInfo, false, false, false, false, tc.rroSupport, "", "")
 			if err == nil {
 				t.Error("Should fail to add an RRO mount with a specific error")
 			}
@@ -269,9 +282,12 @@ func TestAddOCIBindsCGroupRW(t *testing.T) {
 	}
 
 	sut := &Server{}
+	ctrInfo := &storage.ContainerInfo{
+		MountLabel: "",
+	}
 
 	//nolint: dogsled
-	_, _, _, err = sut.addOCIBindMounts(t.Context(), ctr, "", false, false, true, false, false, "", "")
+	_, _, _, err = sut.addOCIBindMounts(t.Context(), ctr, ctrInfo, false, false, true, false, false, "", "")
 	if err != nil {
 		t.Error(err)
 	}
@@ -312,7 +328,7 @@ func TestAddOCIBindsCGroupRW(t *testing.T) {
 	var hasCgroupRO bool
 
 	//nolint: dogsled
-	_, _, _, err = sut.addOCIBindMounts(t.Context(), ctr, "", false, false, false, false, false, "", "")
+	_, _, _, err = sut.addOCIBindMounts(t.Context(), ctr, ctrInfo, false, false, false, false, false, "", "")
 	if err != nil {
 		t.Error(err)
 	}
@@ -364,15 +380,18 @@ func TestAddOCIBindsErrorWithoutIDMap(t *testing.T) {
 	}
 
 	sut := &Server{}
+	ctrInfo := &storage.ContainerInfo{
+		MountLabel: "",
+	}
 
 	//nolint: dogsled
-	_, _, _, err = sut.addOCIBindMounts(t.Context(), ctr, "", false, false, false, false, false, "", "")
+	_, _, _, err = sut.addOCIBindMounts(t.Context(), ctr, ctrInfo, false, false, false, false, false, "", "")
 	if err == nil {
 		t.Errorf("Should have failed to create id mapped mount with no id map support")
 	}
 
 	//nolint: dogsled
-	_, _, _, err = sut.addOCIBindMounts(t.Context(), ctr, "", false, false, false, true, false, "", "")
+	_, _, _, err = sut.addOCIBindMounts(t.Context(), ctr, ctrInfo, false, false, false, true, false, "", "")
 	if err != nil {
 		t.Errorf("%v", err)
 	}

Original file line number	Diff line number	Diff line change
`@@ -837,7 +837,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, ctr container.Conta`
`837`	`837`	`}`
`838`	`838`	`}()`
`839`	`839`
`840`		`- containerVolumes, ociMounts, safeMounts, err := s.addOCIBindMounts(ctx, ctr, mountLabel, maybeRelabel, skipRelabel, cgroup2RW, idMapSupport, rroSupport, s.ContainerServer.Config().Root, containerInfo.RunDir)`
	`840`	`+ containerVolumes, ociMounts, safeMounts, err := s.addOCIBindMounts(ctx, ctr, &containerInfo, maybeRelabel, skipRelabel, cgroup2RW, idMapSupport, rroSupport, s.ContainerServer.Config().Root, containerInfo.RunDir)`
`841`	`841`	`if err != nil {`
`842`	`842`	`return nil, err`
`843`	`843`	`}`