Fix SELinux issue with missing Contexts in lxc execdriver

There is a bug in the SELinux patch for the lxc execdriver, that causes lxc containers to blow up whether or not SELinux is enabled. Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
2022-11-09 12:21:53 -05:00 · 2014-04-02 13:56:30 -04:00 · 2014-04-02 13:56:30 -04:00 · ca4224762b
commit ca4224762b
parent d76ac4d429
2 changed files with 4 additions and 5 deletions
--- a/daemonconfig/config.go
+++ b/daemonconfig/config.go
@ -1,10 +1,9 @@
 package daemonconfig
 import (
 	"net"
 	"github.com/dotcloud/docker/engine"
 	"github.com/dotcloud/docker/runtime/networkdriver"
 	"net"
 )
 const (
--- a/runtime/execdriver/lxc/lxc_template.go
+++ b/runtime/execdriver/lxc/lxc_template.go
@ -32,8 +32,8 @@ lxc.pts = 1024
 lxc.console = none
 {{if getProcessLabel .Context}}
 lxc.se_context = {{ getProcessLabel .Context}}
 {{$MOUNTLABEL := getMountLabel .Context}}
 {{end}}
 {{$MOUNTLABEL := getMountLabel .Context}}
 # no controlling tty at all
 lxc.tty = 1
@ -90,8 +90,8 @@ lxc.mount.entry = sysfs {{escapeFstabSpaces $ROOTFS}}/sys sysfs nosuid,nodev,noe
 lxc.mount.entry = {{.Console}} {{escapeFstabSpaces $ROOTFS}}/dev/console none bind,rw 0 0
 {{end}}
-lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts {{formatMountLabel "newinstance,ptmxmode=0666,nosuid,noexec" "$MOUNTLABEL"}} 0 0
+lxc.mount.entry = devpts {{escapeFstabSpaces $ROOTFS}}/dev/pts devpts {{formatMountLabel "newinstance,ptmxmode=0666,nosuid,noexec" $MOUNTLABEL}} 0 0
-lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs {{formatMountLabel "size=65536k,nosuid,nodev,noexec" "$MOUNTLABEL"}} 0 0
+lxc.mount.entry = shm {{escapeFstabSpaces $ROOTFS}}/dev/shm tmpfs {{formatMountLabel "size=65536k,nosuid,nodev,noexec" $MOUNTLABEL}} 0 0
 {{range $value := .Mounts}}
 {{if $value.Writable}}