Browse code
Ensure that SELinux Options are set when seccomp is already set
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
Mrunal Patel authored on 2016/11/04 01:44:40Showing 2 changed files
| ... | ... |
@@ -248,12 +248,11 @@ func (daemon *Daemon) adaptContainerSettings(hostConfig *containertypes.HostConf |
| 248 | 248 |
hostConfig.ShmSize = container.DefaultSHMSize |
| 249 | 249 |
} |
| 250 | 250 |
var err error |
| 251 |
- if hostConfig.SecurityOpt == nil {
|
|
| 252 |
- hostConfig.SecurityOpt, err = daemon.generateSecurityOpt(hostConfig.IpcMode, hostConfig.PidMode, hostConfig.Privileged) |
|
| 253 |
- if err != nil {
|
|
| 254 |
- return err |
|
| 255 |
- } |
|
| 251 |
+ opts, err := daemon.generateSecurityOpt(hostConfig.IpcMode, hostConfig.PidMode, hostConfig.Privileged) |
|
| 252 |
+ if err != nil {
|
|
| 253 |
+ return err |
|
| 256 | 254 |
} |
| 255 |
+ hostConfig.SecurityOpt = append(hostConfig.SecurityOpt, opts...) |
|
| 257 | 256 |
if hostConfig.MemorySwappiness == nil {
|
| 258 | 257 |
defaultSwappiness := int64(-1) |
| 259 | 258 |
hostConfig.MemorySwappiness = &defaultSwappiness |
| ... | ... |
@@ -78,8 +78,10 @@ func (daemon *Daemon) ContainerStart(name string, hostConfig *containertypes.Hos |
| 78 | 78 |
} |
| 79 | 79 |
// Adapt for old containers in case we have updates in this function and |
| 80 | 80 |
// old containers never have chance to call the new function in create stage. |
| 81 |
- if err := daemon.adaptContainerSettings(container.HostConfig, false); err != nil {
|
|
| 82 |
- return err |
|
| 81 |
+ if hostConfig != nil {
|
|
| 82 |
+ if err := daemon.adaptContainerSettings(container.HostConfig, false); err != nil {
|
|
| 83 |
+ return err |
|
| 84 |
+ } |
|
| 83 | 85 |
} |
| 84 | 86 |
|
| 85 | 87 |
return daemon.containerStart(container, checkpoint, checkpointDir, true) |