(params: DockerResolverParameters)
| 361 | } |
| 362 | |
| 363 | async function isUsingSELinuxLabels(params: DockerResolverParameters): Promise<boolean> { |
| 364 | try { |
| 365 | const { common } = params; |
| 366 | const { cliHost, output } = common; |
| 367 | return params.cliVariant === CLIVariant.Podman && cliHost.platform === 'linux' |
| 368 | && (await runCommandNoPty({ |
| 369 | exec: cliHost.exec, |
| 370 | cmd: 'getenforce', |
| 371 | output, |
| 372 | print: true, |
| 373 | })).stdout.toString().trim() !== 'Disabled' |
| 374 | && (await dockerCLI({ |
| 375 | ...toExecParameters(params), |
| 376 | print: true, |
| 377 | }, 'info', '-f', '{{.Host.Security.SELinuxEnabled}}')).stdout.toString().trim() === 'true'; |
| 378 | } catch { |
| 379 | // If we can't run the commands, assume SELinux is not enabled. |
| 380 | return false; |
| 381 | |
| 382 | } |
| 383 | } |
| 384 | |
| 385 | export function findContainerUsers(imageMetadata: SubstitutedConfig<ImageMetadataEntry[]>, composeServiceUser: string | undefined, imageUser: string) { |
| 386 | const reversed = imageMetadata.config.slice().reverse(); |
no test coverage detected