mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00

Merge pull request #22993 from rhatdan/relabel

Multiple fixes for SELinux labels.
Brian Goff 2016-05-26 22:51:17 -04:00
commit 3f6fa8af45
3 changed files with 12 additions and 6 deletions


@ -118,7 +118,9 @@ func (container *Container) NetworkMounts() []Mount {
if _, err := os.Stat(container.ResolvConfPath); err != nil { if _, err := os.Stat(container.ResolvConfPath); err != nil {
logrus.Warnf("ResolvConfPath set to %q, but can't stat this filename (err = %v); skipping", container.ResolvConfPath, err) logrus.Warnf("ResolvConfPath set to %q, but can't stat this filename (err = %v); skipping", container.ResolvConfPath, err)
} else { } else {
if !container.HasMountFor("/etc/resolv.conf") {
label.Relabel(container.ResolvConfPath, container.MountLabel, shared) label.Relabel(container.ResolvConfPath, container.MountLabel, shared)
}
writable := !container.HostConfig.ReadonlyRootfs writable := !container.HostConfig.ReadonlyRootfs
if m, exists := container.MountPoints["/etc/resolv.conf"]; exists { if m, exists := container.MountPoints["/etc/resolv.conf"]; exists {
writable = m.RW writable = m.RW
@ -135,7 +137,9 @@ func (container *Container) NetworkMounts() []Mount {
if _, err := os.Stat(container.HostnamePath); err != nil { if _, err := os.Stat(container.HostnamePath); err != nil {
logrus.Warnf("HostnamePath set to %q, but can't stat this filename (err = %v); skipping", container.HostnamePath, err) logrus.Warnf("HostnamePath set to %q, but can't stat this filename (err = %v); skipping", container.HostnamePath, err)
} else { } else {
if !container.HasMountFor("/etc/hostname") {
label.Relabel(container.HostnamePath, container.MountLabel, shared) label.Relabel(container.HostnamePath, container.MountLabel, shared)
}
writable := !container.HostConfig.ReadonlyRootfs writable := !container.HostConfig.ReadonlyRootfs
if m, exists := container.MountPoints["/etc/hostname"]; exists { if m, exists := container.MountPoints["/etc/hostname"]; exists {
writable = m.RW writable = m.RW
@ -152,7 +156,9 @@ func (container *Container) NetworkMounts() []Mount {
if _, err := os.Stat(container.HostsPath); err != nil { if _, err := os.Stat(container.HostsPath); err != nil {
logrus.Warnf("HostsPath set to %q, but can't stat this filename (err = %v); skipping", container.HostsPath, err) logrus.Warnf("HostsPath set to %q, but can't stat this filename (err = %v); skipping", container.HostsPath, err)
} else { } else {
if !container.HasMountFor("/etc/hosts") {
label.Relabel(container.HostsPath, container.MountLabel, shared) label.Relabel(container.HostsPath, container.MountLabel, shared)
}
writable := !container.HostConfig.ReadonlyRootfs writable := !container.HostConfig.ReadonlyRootfs
if m, exists := container.MountPoints["/etc/hosts"]; exists { if m, exists := container.MountPoints["/etc/hosts"]; exists {
writable = m.RW writable = m.RW
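Review bot: The return value of `label.Relabel` is still discarded at all three guarded call sites (ResolvConfPath, HostnamePath and HostsPath), so a failed relabel is silent and would presumably only show up later as an SELinux denial inside the container. NetworkMounts returns only `[]Mount`, so logging is the least invasive fix: `if err := label.Relabel(container.ResolvConfPath, container.MountLabel, shared); err != nil { logrus.Warnf("relabel of %q failed: %v", container.ResolvConfPath, err) }`, and likewise for the other two paths. The new `HasMountFor` guard also sits directly above a `container.MountPoints[...]` lookup for the same destination; if HasMountFor consults the same map, a single lookup could serve both the relabel decision and `writable`. NetworkMounts begins and ends outside these hunks.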


@ -142,8 +142,8 @@ func (daemon *Daemon) create(params types.ContainerCreateConfig) (retC *containe
return container, nil return container, nil
} }
func (daemon *Daemon) generateSecurityOpt(ipcMode containertypes.IpcMode, pidMode containertypes.PidMode) ([]string, error) { func (daemon *Daemon) generateSecurityOpt(ipcMode containertypes.IpcMode, pidMode containertypes.PidMode, privileged bool) ([]string, error) {
if ipcMode.IsHost() || pidMode.IsHost() { if ipcMode.IsHost() || pidMode.IsHost() || privileged {
return label.DisableSecOpt(), nil return label.DisableSecOpt(), nil
} }
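Review bot: generateSecurityOpt has no comment recording that a privileged container now receives `label.DisableSecOpt()`, the same result as host IPC or PID mode, which means it runs without SELinux label separation. That is a security-relevant default and belongs at the definition, for example `// generateSecurityOpt returns the label-disable option for containers that use the host IPC or PID namespace or are privileged.` The three positional arguments are all fields of the host config at the visible call site, so a later addition of a fourth condition would change the signature again. The rest of the function body lies outside the hunk.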


@ -247,7 +247,7 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf
} }
var err error var err error
if hostConfig.SecurityOpt == nil { if hostConfig.SecurityOpt == nil {
hostConfig.SecurityOpt, err = daemon.generateSecurityOpt(hostConfig.IpcMode, hostConfig.PidMode) hostConfig.SecurityOpt, err = daemon.generateSecurityOpt(hostConfig.IpcMode, hostConfig.PidMode, hostConfig.Privileged)
if err != nil { if err != nil {
return err return err
} }
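Review bot: The privileged exemption is only applied when `hostConfig.SecurityOpt == nil`, so a request that carries an explicit empty list (a JSON `[]` decodes to a non-nil, zero-length slice) skips generateSecurityOpt entirely. If API clients can send that, a privileged or host-namespace container would then be labeled differently from one that omitted the field; `if len(hostConfig.SecurityOpt) == 0 {` would treat both the same. If the nil-only check is intentional, a short comment saying so would help. adaptContainerSettings starts and ends outside the hunk.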