kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Fix relabel for SELinux

Browse source 
With the changes merged into runc/libcontainer, are now causing
SELinux to attempt a relabel always, even if the user did not
request the relabel.

If the user does not specify Z or z on the volume mount we should
not attempt a relabel.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
Dan Walsh 2015-10-28 15:41:46 -04:00
parent e509fe604c
commit d9011b3617
1 changed files with 4 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
daemon/volumes.go
View file

@ -135,9 +135,10 @@ func (daemon *Daemon) registerMountPoints(container *Container, hostConfig *runc
bind.Driver = v.DriverName() bind.Driver = v.DriverName()
bind = setBindModeIfNull(bind) bind = setBindModeIfNull(bind)
} }
shared := label.IsShared(bind.Mode) if label.RelabelNeeded(bind.Mode) {
if err := label.Relabel(bind.Source, container.MountLabel, shared); err != nil { if err := label.Relabel(bind.Source, container.MountLabel, label.IsShared(bind.Mode)); err != nil {
return err return err
}
} }
binds[bind.Destination] = true binds[bind.Destination] = true
mountPoints[bind.Destination] = bind mountPoints[bind.Destination] = bind