From 9f06a02eb5190d809c05f702123ac2f56d800919 Mon Sep 17 00:00:00 2001
From: Tymoteusz Blazejczyk <tymoteusz.blazejczyk@tymonx.com>
Date: Sun, 2 Jan 2022 00:37:36 +0100
Subject: [PATCH] Moved bind mode creation to getBindMode function

Added unit tests for all uses cases.

Signed-off-by: Tymoteusz Blazejczyk <tymoteusz.blazejczyk@tymonx.com>
---
 pkg/compose/create.go      | 26 ++++++++++++++++++--------
 pkg/compose/create_test.go |  9 +++++++++
 2 files changed, 27 insertions(+), 8 deletions(-)

diff --git a/pkg/compose/create.go b/pkg/compose/create.go
index f4c5be77b..1bd57cf0e 100644
--- a/pkg/compose/create.go
+++ b/pkg/compose/create.go
@@ -719,14 +719,7 @@ MOUNTS:
 		if m.Type == mount.TypeBind || m.Type == mount.TypeNamedPipe {
 			for _, v := range service.Volumes {
 				if v.Target == m.Target && v.Bind != nil && v.Bind.CreateHostPath {
-					mode := "rw"
-					if m.ReadOnly {
-						mode = "ro"
-					}
-					if v.Bind.SELinux != "" {
-						mode += "," + v.Bind.SELinux
-					}
-					binds = append(binds, fmt.Sprintf("%s:%s:%s", m.Source, m.Target, mode))
+					binds = append(binds, fmt.Sprintf("%s:%s:%s", m.Source, m.Target, getBindMode(v.Bind, m.ReadOnly)))
 					continue MOUNTS
 				}
 			}
@@ -736,6 +729,23 @@ MOUNTS:
 	return volumeMounts, binds, mounts, nil
 }
 
+func getBindMode(bind *types.ServiceVolumeBind, readOnly bool) string {
+	mode := "rw"
+
+	if readOnly {
+		mode = "ro"
+	}
+
+	switch bind.SELinux {
+	case types.SELinuxShared:
+		mode += ",z"
+	case types.SELinuxPrivate:
+		mode += ",Z"
+	}
+
+	return mode
+}
+
 func buildContainerMountOptions(p types.Project, s types.ServiceConfig, img moby.ImageInspect, inherit *moby.Container) ([]mount.Mount, error) {
 	var mounts = map[string]mount.Mount{}
 	if inherit != nil {
diff --git a/pkg/compose/create_test.go b/pkg/compose/create_test.go
index 02736c0bf..254e0b004 100644
--- a/pkg/compose/create_test.go
+++ b/pkg/compose/create_test.go
@@ -142,3 +142,12 @@ func TestBuildContainerMountOptions(t *testing.T) {
 	assert.Equal(t, mounts[0].Target, "/var/myvolume1")
 	assert.Equal(t, mounts[1].Target, "/var/myvolume2")
 }
+
+func TestGetBindMode(t *testing.T) {
+	assert.Equal(t, getBindMode(&composetypes.ServiceVolumeBind{}, false), "rw")
+	assert.Equal(t, getBindMode(&composetypes.ServiceVolumeBind{}, true), "ro")
+	assert.Equal(t, getBindMode(&composetypes.ServiceVolumeBind{SELinux: composetypes.SELinuxShared}, false), "rw,z")
+	assert.Equal(t, getBindMode(&composetypes.ServiceVolumeBind{SELinux: composetypes.SELinuxPrivate}, false), "rw,Z")
+	assert.Equal(t, getBindMode(&composetypes.ServiceVolumeBind{SELinux: composetypes.SELinuxShared}, true), "ro,z")
+	assert.Equal(t, getBindMode(&composetypes.ServiceVolumeBind{SELinux: composetypes.SELinuxPrivate}, true), "ro,Z")
+}