GitList

Browse code

Do not return labels when in privileged mode Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)

Michael Crosby authored on 2014/04/29 17:08:19
Showing 2 changed files

daemon/container.go index 17eaac7..5e4b72b 100644
daemon/daemon.go index cdd1bb9..64a5398 100644

@@ -330,8 +330,8 @@ func populateCommand(c *Container, env []string) {
                      		en      *execdriver.Network
                      		context = make(map[string][]string)
+                     	)
                     -	context["process_label"] = []string{c.ProcessLabel}
                     -	context["mount_label"] = []string{c.MountLabel}
                     +	context["process_label"] = []string{c.GetProcessLabel()}
                     +	context["mount_label"] = []string{c.GetMountLabel()}
                      	en = &execdriver.Network{
                      		Mtu:       c.daemon.config.Mtu,
@@ -392,7 +392,6 @@ func (container *Container) Start() (err error) {
                      	if err := container.setupContainerDns(); err != nil {
                      		return err
+                     	}
+                    -
                      	if err := container.Mount(); err != nil {
                      		return err
+                     	}
@@ -1192,3 +1191,19 @@ func (container *Container) allocatePort(eng *engine.Engine, port nat.Port, bind
                      	bindings[port] = binding
                      	return nil
+                     }
+                    +
                     +func (container *Container) GetProcessLabel() string {
                     +	// even if we have a process label return "" if we are running
                     +	// in privileged mode
                     +	if container.hostConfig.Privileged {
                     +		return ""
                     +	}
                     +	return container.ProcessLabel
                     +}
+                    +
                     +func (container *Container) GetMountLabel() string {
                     +	if container.hostConfig.Privileged {
                     +		return ""
                     +	}
                     +	return container.MountLabel
                     +}

daemon/daemon.go

History View file @ 1a5ffef

@@ -538,10 +538,9 @@ func (daemon *Daemon) newContainer(name string, config *runconfig.Config, img *i
 	}
 	container.root = daemon.containerRoot(container.ID)
 
-	if container.MountLabel, container.ProcessLabel, err = label.GenLabels(""); err != nil {
+	if container.ProcessLabel, container.MountLabel, err = label.GenLabels(""); err != nil {
 		return nil, err
 	}
-
 	return container, nil
 }
 
@@ -848,7 +847,7 @@ func (daemon *Daemon) Close() error {
 }
 
 func (daemon *Daemon) Mount(container *Container) error {
-	dir, err := daemon.driver.Get(container.ID, container.MountLabel)
+	dir, err := daemon.driver.Get(container.ID, container.GetMountLabel())
 	if err != nil {
 		return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err)
 	}

...	...	@@ -538,10 +538,9 @@ func (daemon Daemon) newContainer(name string, config runconfig.Config, img *i
538	538	}
539	539	container.root = daemon.containerRoot(container.ID)
540	540
541		- if container.MountLabel, container.ProcessLabel, err = label.GenLabels(""); err != nil {
	541	+ if container.ProcessLabel, container.MountLabel, err = label.GenLabels(""); err != nil {
542	542	return nil, err
543	543	}
544		-
545	544	return container, nil
546	545	}
547	546
...	...	@@ -848,7 +847,7 @@ func (daemon *Daemon) Close() error {
848	848	}
849	849
850	850	func (daemon Daemon) Mount(container Container) error {
851		- dir, err := daemon.driver.Get(container.ID, container.MountLabel)
	851	+ dir, err := daemon.driver.Get(container.ID, container.GetMountLabel())
852	852	if err != nil {
853	853	return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err)
854	854	}