kotovalexarian-likes-github
/
moby--moby
mirror of https://github.com/moby/moby.git
1
0
Fork 0
Code Releases Activity

Remove hard coding of SELinux labels on systems without proper selinux policy. 

If a system is configured for SELinux but does not know about docker or
containers, then we want the transitions of the policy to work.  Hard coding
the labels causes docker to break on older Fedora and RHEL systems

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
This commit is contained in:
Dan Walsh 2014-04-01 09:24:24 -04:00
parent 6899b05236
commit f9b8161c60
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/selinux/selinux.go
View File

@ -313,12 +313,9 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
return "", ""
}
lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot())
fileLabel = "system_u:object_r:svirt_sandbox_file_t:s0"
processLabel = "system_u:system_r:svirt_lxc_net_t:s0"
in, err := os.Open(lxcPath)
if err != nil {
goto exit
return "", ""
}
defer in.Close()
@ -352,6 +349,11 @@ func GetLxcContexts() (processLabel string, fileLabel string) {
}
}
}
if processLabel == "" || fileLabel == "" {
return "", ""
}
exit:
mcs := IntToMcs(os.Getpid(), 1024)
scon := NewContext(processLabel)