kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Do not return labels when in privileged mode

Browse source 
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
This commit is contained in:
Michael Crosby 2014-04-29 01:08:19 -07:00
parent 64d0f7e39b
commit 1a5ffef6c6
2 changed files with 20 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
daemon/container.go
View file

@ -330,8 +330,8 @@ func populateCommand(c *Container, env []string) {
en *execdriver.Network
context = make(map[string][]string)
)
context["process_label"] = []string{c.ProcessLabel}
context["mount_label"] = []string{c.MountLabel}
context["process_label"] = []string{c.GetProcessLabel()}
context["mount_label"] = []string{c.GetMountLabel()}
en = &execdriver.Network{
Mtu: c.daemon.config.Mtu,
@ -392,7 +392,6 @@ func (container *Container) Start() (err error) {
if err := container.setupContainerDns(); err != nil {
return err
}
if err := container.Mount(); err != nil {
return err
}
@ -1192,3 +1191,19 @@ func (container *Container) allocatePort(eng *engine.Engine, port nat.Port, bind
bindings[port] = binding
return nil
}
func (container *Container) GetProcessLabel() string {
// even if we have a process label return "" if we are running
// in privileged mode
if container.hostConfig.Privileged {
return ""
}
return container.ProcessLabel
}
func (container *Container) GetMountLabel() string {
if container.hostConfig.Privileged {
return ""
}
return container.MountLabel
}

5
daemon/daemon.go
View file

@ -538,10 +538,9 @@ func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *i
}
container.root = daemon.containerRoot(container.ID)
if container.MountLabel, container.ProcessLabel, err = label.GenLabels(""); err != nil {
if container.ProcessLabel, container.MountLabel, err = label.GenLabels(""); err != nil {
return nil, err
}
return container, nil
}
@ -848,7 +847,7 @@ func (daemon *Daemon) Close() error {
}
func (daemon *Daemon) Mount(container *Container) error {
dir, err := daemon.driver.Get(container.ID, container.MountLabel)
dir, err := daemon.driver.Get(container.ID, container.GetMountLabel())
if err != nil {
return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err)
}