Relabel config files.
Without relabel these files, SELinux-enabled containers will show "permission denied" errors for configuration files mounted with `docker server create ... --config ... ...`. Signed-off-by: Wenxuan Zhao <viz@linux.com>
This commit is contained in:
parent
975675e924
commit
472c03a8c3
|
@ -307,6 +307,8 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) {
|
||||||
if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
|
if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
|
||||||
return errors.Wrap(err, "error setting ownership for config")
|
return errors.Wrap(err, "error setting ownership for config")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
label.Relabel(fPath, c.MountLabel, false)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
|
|
Loading…
Reference in New Issue