Do not return labels when in privileged mode
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby
parent
64d0f7e39b
commit
1a5ffef6c6
|
|
@ -330,8 +330,8 @@ func populateCommand(c *Container, env []string) {
|
|||
en *execdriver.Network
|
||||
context = make(map[string][]string)
|
||||
)
|
||||
context["process_label"] = []string{c.ProcessLabel}
|
||||
context["mount_label"] = []string{c.MountLabel}
|
||||
context["process_label"] = []string{c.GetProcessLabel()}
|
||||
context["mount_label"] = []string{c.GetMountLabel()}
|
||||
|
||||
en = &execdriver.Network{
|
||||
Mtu: c.daemon.config.Mtu,
|
||||
|
|
@ -392,7 +392,6 @@ func (container *Container) Start() (err error) {
|
|||
if err := container.setupContainerDns(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := container.Mount(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -1192,3 +1191,19 @@ func (container *Container) allocatePort(eng *engine.Engine, port nat.Port, bind
|
|||
bindings[port] = binding
|
||||
return nil
|
||||
}
|
||||
|
||||
func (container *Container) GetProcessLabel() string {
|
||||
// even if we have a process label return "" if we are running
|
||||
// in privileged mode
|
||||
if container.hostConfig.Privileged {
|
||||
return ""
|
||||
}
|
||||
return container.ProcessLabel
|
||||
}
|
||||
|
||||
func (container *Container) GetMountLabel() string {
|
||||
if container.hostConfig.Privileged {
|
||||
return ""
|
||||
}
|
||||
return container.MountLabel
|
||||
}
|
||||
|
|
|
|||
|
|
@ -538,10 +538,9 @@ func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *i
|
|||
}
|
||||
container.root = daemon.containerRoot(container.ID)
|
||||
|
||||
if container.MountLabel, container.ProcessLabel, err = label.GenLabels(""); err != nil {
|
||||
if container.ProcessLabel, container.MountLabel, err = label.GenLabels(""); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return container, nil
|
||||
}
|
||||
|
||||
|
|
@ -848,7 +847,7 @@ func (daemon *Daemon) Close() error {
|
|||
}
|
||||
|
||||
func (daemon *Daemon) Mount(container *Container) error {
|
||||
dir, err := daemon.driver.Get(container.ID, container.MountLabel)
|
||||
dir, err := daemon.driver.Get(container.ID, container.GetMountLabel())
|
||||
if err != nil {
|
||||
return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue