Browse code
Turn on Security opts including labeling for docker build
Currently docker build is not passing HostConfig to daemon.Create.
this patch creates the default HostConfig and passes it to daemon.Create.
This will cause the SELinux labeling to turn on for docker build. Basically
it causes a SecurtyOpt field to be created. In the future this might also
allow us to use seccomp and UserNamespace with docker build.
Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
Dan Walsh authored on 2015/01/20 02:09:02Showing 1 changed files
| ... | ... |
@@ -91,7 +91,10 @@ func (daemon *Daemon) Create(config *runconfig.Config, hostConfig *runconfig.Hos |
| 91 | 91 |
if warnings, err = daemon.mergeAndVerifyConfig(config, img); err != nil {
|
| 92 | 92 |
return nil, nil, err |
| 93 | 93 |
} |
| 94 |
- if hostConfig != nil && hostConfig.SecurityOpt == nil {
|
|
| 94 |
+ if hostConfig == nil {
|
|
| 95 |
+ hostConfig = &runconfig.HostConfig{}
|
|
| 96 |
+ } |
|
| 97 |
+ if hostConfig.SecurityOpt == nil {
|
|
| 95 | 98 |
hostConfig.SecurityOpt, err = daemon.GenerateSecurityOpt(hostConfig.IpcMode, hostConfig.PidMode) |
| 96 | 99 |
if err != nil {
|
| 97 | 100 |
return nil, nil, err |