GitList

Browse code

daemon: relabel secrets path

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
(cherry picked from commit b11af7b2f686fe3724d0cfce260000a3d2b8fbc1)
Signed-off-by: Victor Vieux <victorvieux@gmail.com>

Antonio Murdaca authored on 2017/04/12 00:43:23
Showing 1 changed files

daemon/container_operations_unix.go index 67b3ee3..17d5a06 100644

daemon/container_operations_unix.go

History View file @ df996a9

@@ -214,6 +214,8 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		}
 	}
 
+	label.Relabel(localMountPath, c.MountLabel, false)
+
 	// remount secrets ro
 	if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "remount,ro,"+tmpfsOwnership); err != nil {
 		return errors.Wrap(err, "unable to remount secret dir as readonly")

...	...	@@ -214,6 +214,8 @@ func (daemon Daemon) setupSecretDir(c container.Container) (setupErr error) {
214	214	}
215	215	}
216	216
	217	+ label.Relabel(localMountPath, c.MountLabel, false)
	218	+
217	219	// remount secrets ro
218	220	if err := mount.Mount("tmpfs", localMountPath, "tmpfs", "remount,ro,"+tmpfsOwnership); err != nil {
219	221	return errors.Wrap(err, "unable to remount secret dir as readonly")