From 50ea94e79526ab5c503ee6516a3a0512e3b87e25 Mon Sep 17 00:00:00 2001 From: Albert Date: Wed, 5 Aug 2020 07:50:56 +0200 Subject: [PATCH] fix(core): bundling with selinux --- packages/@aws-cdk/core/lib/bundling.ts | 2 +- packages/@aws-cdk/core/test/test.bundling.ts | 2 +- packages/@aws-cdk/core/test/test.staging.ts | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/packages/@aws-cdk/core/lib/bundling.ts b/packages/@aws-cdk/core/lib/bundling.ts index 6a90d5dbb742a..9ebf21ef6e25f 100644 --- a/packages/@aws-cdk/core/lib/bundling.ts +++ b/packages/@aws-cdk/core/lib/bundling.ts @@ -112,7 +112,7 @@ export class BundlingDockerImage { ...options.user ? ['-u', options.user] : [], - ...flatten(volumes.map(v => ['-v', `${v.hostPath}:${v.containerPath}:${v.consistency ?? DockerVolumeConsistency.DELEGATED}`])), + ...flatten(volumes.map(v => ['-v', `${v.hostPath}:${v.containerPath}:z,${v.consistency ?? DockerVolumeConsistency.DELEGATED}`])), ...flatten(Object.entries(environment).map(([k, v]) => ['--env', `${k}=${v}`])), ...options.workingDirectory ? ['-w', options.workingDirectory] diff --git a/packages/@aws-cdk/core/test/test.bundling.ts b/packages/@aws-cdk/core/test/test.bundling.ts index 23be648de03b7..4e0b06353339e 100644 --- a/packages/@aws-cdk/core/test/test.bundling.ts +++ b/packages/@aws-cdk/core/test/test.bundling.ts @@ -34,7 +34,7 @@ export = { test.ok(spawnSyncStub.calledWith('docker', [ 'run', '--rm', '-u', 'user:group', - '-v', '/host-path:/container-path:delegated', + '-v', '/host-path:/container-path:z,delegated', '--env', 'VAR1=value1', '--env', 'VAR2=value2', '-w', '/working-directory', diff --git a/packages/@aws-cdk/core/test/test.staging.ts b/packages/@aws-cdk/core/test/test.staging.ts index 6fb2a6f80ab4b..602f2f7629156 100644 --- a/packages/@aws-cdk/core/test/test.staging.ts +++ b/packages/@aws-cdk/core/test/test.staging.ts @@ -123,7 +123,7 @@ export = { const assembly = app.synth(); test.deepEqual( readDockerStubInput(), - `run --rm ${USER_ARG} -v /input:/asset-input:delegated -v /output:/asset-output:delegated -w /asset-input alpine DOCKER_STUB_SUCCESS`, + `run --rm ${USER_ARG} -v /input:/asset-input:z,delegated -v /output:/asset-output:z,delegated -w /asset-input alpine DOCKER_STUB_SUCCESS`, ); test.deepEqual(fs.readdirSync(assembly.directory), [ 'asset.2f37f937c51e2c191af66acf9b09f548926008ec68c575bd2ee54b6e997c0e00', @@ -162,7 +162,7 @@ export = { test.equal( readDockerStubInput(), - `run --rm ${USER_ARG} -v /input:/asset-input:delegated -v /output:/asset-output:delegated -w /asset-input alpine DOCKER_STUB_SUCCESS_NO_OUTPUT`, + `run --rm ${USER_ARG} -v /input:/asset-input:z,delegated -v /output:/asset-output:z,delegated -w /asset-input alpine DOCKER_STUB_SUCCESS_NO_OUTPUT`, ); test.done(); }, @@ -186,7 +186,7 @@ export = { // THEN test.equal( readDockerStubInput(), - `run --rm ${USER_ARG} -v /input:/asset-input:delegated -v /output:/asset-output:delegated -w /asset-input alpine DOCKER_STUB_SUCCESS`, + `run --rm ${USER_ARG} -v /input:/asset-input:z,delegated -v /output:/asset-output:z,delegated -w /asset-input alpine DOCKER_STUB_SUCCESS`, ); test.equal(asset.assetHash, '33cbf2cae5432438e0f046bc45ba8c3cef7b6afcf47b59d1c183775c1918fb1f'); @@ -230,7 +230,7 @@ export = { }), /Cannot specify `bundle` for `assetHashType`/); test.equal( readDockerStubInput(), - `run --rm ${USER_ARG} -v /input:/asset-input:delegated -v /output:/asset-output:delegated -w /asset-input alpine DOCKER_STUB_SUCCESS`, + `run --rm ${USER_ARG} -v /input:/asset-input:z,delegated -v /output:/asset-output:z,delegated -w /asset-input alpine DOCKER_STUB_SUCCESS`, ); test.done(); @@ -284,7 +284,7 @@ export = { }), /Failed to run bundling Docker image for asset stack\/Asset/); test.equal( readDockerStubInput(), - `run --rm ${USER_ARG} -v /input:/asset-input:delegated -v /output:/asset-output:delegated -w /asset-input this-is-an-invalid-docker-image DOCKER_STUB_FAIL`, + `run --rm ${USER_ARG} -v /input:/asset-input:z,delegated -v /output:/asset-output:z,delegated -w /asset-input this-is-an-invalid-docker-image DOCKER_STUB_FAIL`, ); test.done();