From 4c10c2ded38031b20f5a0a409dd24643625fa878 Mon Sep 17 00:00:00 2001 From: Mrunal Patel Date: Thu, 3 Nov 2016 09:44:40 -0700 Subject: [PATCH] Ensure that SELinux Options are set when seccomp is already set Signed-off-by: Mrunal Patel --- daemon/daemon_unix.go | 9 ++++----- daemon/start.go | 6 ++++-- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go index b6b5018c39..55570bbdd5 100644 --- a/daemon/daemon_unix.go +++ b/daemon/daemon_unix.go @@ -248,12 +248,11 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf hostConfig.ShmSize = container.DefaultSHMSize } var err error - if hostConfig.SecurityOpt == nil { - hostConfig.SecurityOpt, err = daemon.generateSecurityOpt(hostConfig.IpcMode, hostConfig.PidMode, hostConfig.Privileged) - if err != nil { - return err - } + opts, err := daemon.generateSecurityOpt(hostConfig.IpcMode, hostConfig.PidMode, hostConfig.Privileged) + if err != nil { + return err } + hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, opts...) if hostConfig.MemorySwappiness == nil { defaultSwappiness := int64(-1) hostConfig.MemorySwappiness = &defaultSwappiness diff --git a/daemon/start.go b/daemon/start.go index bef25d5c39..607609c8e0 100644 --- a/daemon/start.go +++ b/daemon/start.go @@ -78,8 +78,10 @@ func (daemon *Daemon) ContainerStart(name string, hostConfig *containertypes.Hos } // Adapt for old containers in case we have updates in this function and // old containers never have chance to call the new function in create stage. - if err := daemon.adaptContainerSettings(container.HostConfig, false); err != nil { - return err + if hostConfig != nil { + if err := daemon.adaptContainerSettings(container.HostConfig, false); err != nil { + return err + } } return daemon.containerStart(container, checkpoint, checkpointDir, true)