Currently this content gets a system label and is not writable under
SELinux controls. This patch sets the correct label on it.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
| ... | ... |
@@ -15,6 +15,7 @@ import ( |
| 15 | 15 |
"github.com/docker/docker/pkg/chrootarchive" |
| 16 | 16 |
"github.com/docker/docker/pkg/symlink" |
| 17 | 17 |
"github.com/docker/docker/volumes" |
| 18 |
+ "github.com/docker/libcontainer/label" |
|
| 18 | 19 |
) |
| 19 | 20 |
|
| 20 | 21 |
type Mount struct {
|
| ... | ... |
@@ -235,15 +236,24 @@ func validMountMode(mode string) bool {
|
| 235 | 235 |
} |
| 236 | 236 |
|
| 237 | 237 |
func (container *Container) setupMounts() error {
|
| 238 |
+ if err := label.SetFileLabel(container.ResolvConfPath, container.MountLabel); err != nil {
|
|
| 239 |
+ return err |
|
| 240 |
+ } |
|
| 238 | 241 |
mounts := []execdriver.Mount{
|
| 239 | 242 |
{Source: container.ResolvConfPath, Destination: "/etc/resolv.conf", Writable: true, Private: true},
|
| 240 | 243 |
} |
| 241 | 244 |
|
| 242 | 245 |
if container.HostnamePath != "" {
|
| 246 |
+ if err := label.SetFileLabel(container.HostnamePath, container.MountLabel); err != nil {
|
|
| 247 |
+ return err |
|
| 248 |
+ } |
|
| 243 | 249 |
mounts = append(mounts, execdriver.Mount{Source: container.HostnamePath, Destination: "/etc/hostname", Writable: true, Private: true})
|
| 244 | 250 |
} |
| 245 | 251 |
|
| 246 | 252 |
if container.HostsPath != "" {
|
| 253 |
+ if err := label.SetFileLabel(container.HostsPath, container.MountLabel); err != nil {
|
|
| 254 |
+ return err |
|
| 255 |
+ } |
|
| 247 | 256 |
mounts = append(mounts, execdriver.Mount{Source: container.HostsPath, Destination: "/etc/hosts", Writable: true, Private: true})
|
| 248 | 257 |
} |
| 249 | 258 |
|
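Review bot: The three `label.SetFileLabel` calls added to `setupMounts` relabel `ResolvConfPath`, `HostnamePath` and `HostsPath` with this container's `MountLabel` without checking that each file belongs to this container alone. If any of these paths can refer to a file shared with another container or taken from the host (the assignments are outside this hunk, so this needs confirming), relabeling it changes which processes SELinux lets read and write it. A comment above the first call such as `// these files are private to this container, so relabeling them with MountLabel is safe` would record the invariant, or the relabel could be skipped for shared paths. The errors are also returned bare; `return fmt.Errorf("relabel %s: %v", container.HostsPath, err)` would tell the operator which file failed, assuming `fmt` is already imported. The body of `setupMounts` continues past the end of the hunk.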