This has every container using the docker daemon's pid for the processes
label so it does not work correctly.
Docker-DCO-1.1-Signed-off-by: Michael Crosby <michael@crosbymichael.com> (github: crosbymichael)
... | ... |
@@ -11,6 +11,7 @@ import ( |
11 | 11 |
"github.com/dotcloud/docker/image" |
12 | 12 |
"github.com/dotcloud/docker/links" |
13 | 13 |
"github.com/dotcloud/docker/nat" |
14 |
+ "github.com/dotcloud/docker/pkg/selinux" |
|
14 | 15 |
"github.com/dotcloud/docker/runconfig" |
15 | 16 |
"github.com/dotcloud/docker/utils" |
16 | 17 |
"io" |
... | ... |
@@ -64,7 +65,8 @@ type Container struct { |
64 | 64 |
stdin io.ReadCloser |
65 | 65 |
stdinPipe io.WriteCloser |
66 | 66 |
|
67 |
- daemon *Daemon |
|
67 |
+ daemon *Daemon |
|
68 |
+ mountLabel, processLabel string |
|
68 | 69 |
|
69 | 70 |
waitLock chan struct{} |
70 | 71 |
Volumes map[string]string |
... | ... |
@@ -320,9 +322,11 @@ func (container *Container) Attach(stdin io.ReadCloser, stdinCloser io.Closer, s |
320 | 320 |
|
321 | 321 |
func populateCommand(c *Container, env []string) { |
322 | 322 |
var ( |
323 |
- en *execdriver.Network |
|
324 |
- driverConfig = make(map[string][]string) |
|
323 |
+ en *execdriver.Network |
|
324 |
+ context = make(map[string][]string) |
|
325 | 325 |
) |
326 |
+ context["process_label"] = []string{c.processLabel} |
|
327 |
+ context["mount_label"] = []string{c.mountLabel} |
|
326 | 328 |
|
327 | 329 |
en = &execdriver.Network{ |
328 | 330 |
Mtu: c.daemon.config.Mtu, |
... | ... |
@@ -340,7 +344,7 @@ func populateCommand(c *Container, env []string) { |
340 | 340 |
} |
341 | 341 |
|
342 | 342 |
// TODO: this can be removed after lxc-conf is fully deprecated |
343 |
- mergeLxcConfIntoOptions(c.hostConfig, driverConfig) |
|
343 |
+ mergeLxcConfIntoOptions(c.hostConfig, context) |
|
344 | 344 |
|
345 | 345 |
resources := &execdriver.Resources{ |
346 | 346 |
Memory: c.Config.Memory, |
... | ... |
@@ -358,7 +362,7 @@ func populateCommand(c *Container, env []string) { |
358 | 358 |
Network: en, |
359 | 359 |
Tty: c.Config.Tty, |
360 | 360 |
User: c.Config.User, |
361 |
- Config: driverConfig, |
|
361 |
+ Config: context, |
|
362 | 362 |
Resources: resources, |
363 | 363 |
} |
364 | 364 |
c.command.SysProcAttr = &syscall.SysProcAttr{Setsid: true} |
... | ... |
@@ -383,6 +387,12 @@ func (container *Container) Start() (err error) { |
383 | 383 |
if err := container.setupContainerDns(); err != nil { |
384 | 384 |
return err |
385 | 385 |
} |
386 |
+ |
|
387 |
+ process, mount := selinux.GetLxcContexts() |
|
388 |
+ |
|
389 |
+ container.mountLabel = mount |
|
390 |
+ container.processLabel = process |
|
391 |
+ |
|
386 | 392 |
if err := container.Mount(); err != nil { |
387 | 393 |
return err |
388 | 394 |
} |
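Review bot: The new `mountLabel, processLabel` fields on Container have no comment, and the only assignment visible is in `Start()`, so their lifetime is not obvious to a reader. Because they are unexported they are presumably not written to the container's saved state, which would mean a fresh pair is taken from `selinux.GetLxcContexts()` on every start and both are empty for a container that has never been started. I would document that on the fields, e.g. `// SELinux labels assigned in Start; empty until the container has been started`. `populateCommand` also stores them as one-element slices even when they are empty, so every consumer of `Config["process_label"]` has to treat `""` as "no label"; a one-line comment next to the two `context[...]` assignments would make that explicit. Both Start and populateCommand continue outside the hunks shown.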
... | ... |
@@ -543,10 +543,10 @@ func (daemon *Daemon) createRootfs(container *Container, img *image.Image) error |
543 | 543 |
return err |
544 | 544 |
} |
545 | 545 |
initID := fmt.Sprintf("%s-init", container.ID) |
546 |
- if err := daemon.driver.Create(initID, img.ID, ""); err != nil { |
|
546 |
+ if err := daemon.driver.Create(initID, img.ID); err != nil { |
|
547 | 547 |
return err |
548 | 548 |
} |
549 |
- initPath, err := daemon.driver.Get(initID) |
|
549 |
+ initPath, err := daemon.driver.Get(initID, "") |
|
550 | 550 |
if err != nil { |
551 | 551 |
return err |
552 | 552 |
} |
... | ... |
@@ -556,7 +556,7 @@ func (daemon *Daemon) createRootfs(container *Container, img *image.Image) error |
556 | 556 |
return err |
557 | 557 |
} |
558 | 558 |
|
559 |
- if err := daemon.driver.Create(container.ID, initID, ""); err != nil { |
|
559 |
+ if err := daemon.driver.Create(container.ID, initID); err != nil { |
|
560 | 560 |
return err |
561 | 561 |
} |
562 | 562 |
return nil |
... | ... |
@@ -670,7 +670,6 @@ func NewDaemonFromDirectory(config *daemonconfig.Config, eng *engine.Engine) (*D |
670 | 670 |
if !config.EnableSelinuxSupport { |
671 | 671 |
selinux.SetDisabled() |
672 | 672 |
} |
673 |
- |
|
674 | 673 |
// Set the default driver |
675 | 674 |
graphdriver.DefaultDriver = config.GraphDriver |
676 | 675 |
|
... | ... |
@@ -840,7 +839,7 @@ func (daemon *Daemon) Close() error { |
840 | 840 |
} |
841 | 841 |
|
842 | 842 |
func (daemon *Daemon) Mount(container *Container) error { |
843 |
- dir, err := daemon.driver.Get(container.ID) |
|
843 |
+ dir, err := daemon.driver.Get(container.ID, container.mountLabel) |
|
844 | 844 |
if err != nil { |
845 | 845 |
return fmt.Errorf("Error getting container %s from driver %s: %s", container.ID, daemon.driver, err) |
846 | 846 |
} |
... | ... |
@@ -862,12 +861,12 @@ func (daemon *Daemon) Changes(container *Container) ([]archive.Change, error) { |
862 | 862 |
if differ, ok := daemon.driver.(graphdriver.Differ); ok { |
863 | 863 |
return differ.Changes(container.ID) |
864 | 864 |
} |
865 |
- cDir, err := daemon.driver.Get(container.ID) |
|
865 |
+ cDir, err := daemon.driver.Get(container.ID, "") |
|
866 | 866 |
if err != nil { |
867 | 867 |
return nil, fmt.Errorf("Error getting container rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err) |
868 | 868 |
} |
869 | 869 |
defer daemon.driver.Put(container.ID) |
870 |
- initDir, err := daemon.driver.Get(container.ID + "-init") |
|
870 |
+ initDir, err := daemon.driver.Get(container.ID+"-init", "") |
|
871 | 871 |
if err != nil { |
872 | 872 |
return nil, fmt.Errorf("Error getting container init rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err) |
873 | 873 |
} |
... | ... |
@@ -885,7 +884,7 @@ func (daemon *Daemon) Diff(container *Container) (archive.Archive, error) { |
885 | 885 |
return nil, err |
886 | 886 |
} |
887 | 887 |
|
888 |
- cDir, err := daemon.driver.Get(container.ID) |
|
888 |
+ cDir, err := daemon.driver.Get(container.ID, "") |
|
889 | 889 |
if err != nil { |
890 | 890 |
return nil, fmt.Errorf("Error getting container rootfs %s from driver %s: %s", container.ID, container.daemon.driver, err) |
891 | 891 |
} |
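Review bot: `Changes` and `Diff` call `daemon.driver.Get(container.ID, "")` on the same id that `Mount` now requests with `container.mountLabel`, so which label the rootfs ends up with depends on who mounts it first. The aufs `Get` in this commit only calls `a.mount(id, mountLabel)` when `count == 0`, and devmapper's `MountDevice` appears to reuse the existing mount when `info.mountCount > 0`, so a label passed for an id that is already referenced is silently dropped. If a diff or changes request can overlap with a start (not visible from here), the container could run on a rootfs mounted without its SELinux context. Passing the container's label in both places removes the ordering dependency: `cDir, err := daemon.driver.Get(container.ID, container.mountLabel)`. All three functions continue outside the hunks.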
... | ... |
@@ -8,7 +8,6 @@ import ( |
8 | 8 |
"github.com/dotcloud/docker/daemon/execdriver/native/configuration" |
9 | 9 |
"github.com/dotcloud/docker/daemon/execdriver/native/template" |
10 | 10 |
"github.com/dotcloud/docker/pkg/apparmor" |
11 |
- "github.com/dotcloud/docker/pkg/label" |
|
12 | 11 |
"github.com/dotcloud/docker/pkg/libcontainer" |
13 | 12 |
) |
14 | 13 |
|
... | ... |
@@ -119,14 +118,7 @@ func (d *driver) setupMounts(container *libcontainer.Container, c *execdriver.Co |
119 | 119 |
} |
120 | 120 |
|
121 | 121 |
func (d *driver) setupLabels(container *libcontainer.Container, c *execdriver.Command) error { |
122 |
- labels := c.Config["label"] |
|
123 |
- if len(labels) > 0 { |
|
124 |
- process, mount, err := label.GenLabels(labels[0]) |
|
125 |
- if err != nil { |
|
126 |
- return err |
|
127 |
- } |
|
128 |
- container.Context["mount_label"] = mount |
|
129 |
- container.Context["process_label"] = process |
|
130 |
- } |
|
122 |
+ container.Context["process_label"] = c.Config["process_label"][0] |
|
123 |
+ container.Context["mount_label"] = c.Config["mount_label"][0] |
|
131 | 124 |
return nil |
132 | 125 |
} |
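Review bot: `c.Config["process_label"][0]` and `c.Config["mount_label"][0]` in setupLabels index the slice without a length check, so a Command whose Config lacks either key (a missing map key yields a nil slice) panics the daemon instead of returning an error. `populateCommand` in this commit always sets both keys, but the removed code guarded with `len(labels) > 0`, and any other code that builds an `execdriver.Command`, tests included, loses that protection. The function already returns `error`, so a guard is cheap: open with `if len(c.Config["process_label"]) == 0 || len(c.Config["mount_label"]) == 0 {` and return an error from it. Failing closed here is safer than starting the container unlabeled.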
... | ... |
@@ -25,6 +25,7 @@ import ( |
25 | 25 |
"fmt" |
26 | 26 |
"github.com/dotcloud/docker/archive" |
27 | 27 |
"github.com/dotcloud/docker/daemon/graphdriver" |
28 |
+ "github.com/dotcloud/docker/pkg/label" |
|
28 | 29 |
mountpk "github.com/dotcloud/docker/pkg/mount" |
29 | 30 |
"github.com/dotcloud/docker/utils" |
30 | 31 |
"os" |
... | ... |
@@ -134,7 +135,7 @@ func (a Driver) Exists(id string) bool { |
134 | 134 |
|
135 | 135 |
// Three folders are created for each id |
136 | 136 |
// mnt, layers, and diff |
137 |
-func (a *Driver) Create(id, parent string, mountLabel string) error { |
|
137 |
+func (a *Driver) Create(id, parent string) error { |
|
138 | 138 |
if err := a.createDirsFor(id); err != nil { |
139 | 139 |
return err |
140 | 140 |
} |
... | ... |
@@ -218,7 +219,7 @@ func (a *Driver) Remove(id string) error { |
218 | 218 |
|
219 | 219 |
// Return the rootfs path for the id |
220 | 220 |
// This will mount the dir at it's given path |
221 |
-func (a *Driver) Get(id string) (string, error) { |
|
221 |
+func (a *Driver) Get(id, mountLabel string) (string, error) { |
|
222 | 222 |
ids, err := getParentIds(a.rootPath(), id) |
223 | 223 |
if err != nil { |
224 | 224 |
if !os.IsNotExist(err) { |
... | ... |
@@ -240,7 +241,7 @@ func (a *Driver) Get(id string) (string, error) { |
240 | 240 |
out = path.Join(a.rootPath(), "mnt", id) |
241 | 241 |
|
242 | 242 |
if count == 0 { |
243 |
- if err := a.mount(id); err != nil { |
|
243 |
+ if err := a.mount(id, mountLabel); err != nil { |
|
244 | 244 |
return "", err |
245 | 245 |
} |
246 | 246 |
} |
... | ... |
@@ -309,7 +310,7 @@ func (a *Driver) getParentLayerPaths(id string) ([]string, error) { |
309 | 309 |
return layers, nil |
310 | 310 |
} |
311 | 311 |
|
312 |
-func (a *Driver) mount(id string) error { |
|
312 |
+func (a *Driver) mount(id, mountLabel string) error { |
|
313 | 313 |
// If the id is mounted or we get an error return |
314 | 314 |
if mounted, err := a.mounted(id); err != nil || mounted { |
315 | 315 |
return err |
... | ... |
@@ -325,7 +326,7 @@ func (a *Driver) mount(id string) error { |
325 | 325 |
return err |
326 | 326 |
} |
327 | 327 |
|
328 |
- if err := a.aufsMount(layers, rw, target); err != nil { |
|
328 |
+ if err := a.aufsMount(layers, rw, target, mountLabel); err != nil { |
|
329 | 329 |
return err |
330 | 330 |
} |
331 | 331 |
return nil |
... | ... |
@@ -358,21 +359,21 @@ func (a *Driver) Cleanup() error { |
358 | 358 |
return nil |
359 | 359 |
} |
360 | 360 |
|
361 |
-func (a *Driver) aufsMount(ro []string, rw, target string) (err error) { |
|
361 |
+func (a *Driver) aufsMount(ro []string, rw, target, mountLabel string) (err error) { |
|
362 | 362 |
defer func() { |
363 | 363 |
if err != nil { |
364 | 364 |
Unmount(target) |
365 | 365 |
} |
366 | 366 |
}() |
367 | 367 |
|
368 |
- if err = a.tryMount(ro, rw, target); err != nil { |
|
369 |
- if err = a.mountRw(rw, target); err != nil { |
|
368 |
+ if err = a.tryMount(ro, rw, target, mountLabel); err != nil { |
|
369 |
+ if err = a.mountRw(rw, target, mountLabel); err != nil { |
|
370 | 370 |
return |
371 | 371 |
} |
372 | 372 |
|
373 | 373 |
for _, layer := range ro { |
374 |
- branch := fmt.Sprintf("append:%s=ro+wh", layer) |
|
375 |
- if err = mount("none", target, "aufs", MsRemount, branch); err != nil { |
|
374 |
+ data := label.FormatMountLabel(fmt.Sprintf("append:%s=ro+wh", layer), mountLabel) |
|
375 |
+ if err = mount("none", target, "aufs", MsRemount, data); err != nil { |
|
376 | 376 |
return |
377 | 377 |
} |
378 | 378 |
} |
... | ... |
@@ -382,16 +383,18 @@ func (a *Driver) aufsMount(ro []string, rw, target string) (err error) { |
382 | 382 |
|
383 | 383 |
// Try to mount using the aufs fast path, if this fails then |
384 | 384 |
// append ro layers. |
385 |
-func (a *Driver) tryMount(ro []string, rw, target string) (err error) { |
|
385 |
+func (a *Driver) tryMount(ro []string, rw, target, mountLabel string) (err error) { |
|
386 | 386 |
var ( |
387 | 387 |
rwBranch = fmt.Sprintf("%s=rw", rw) |
388 | 388 |
roBranches = fmt.Sprintf("%s=ro+wh:", strings.Join(ro, "=ro+wh:")) |
389 |
+ data = label.FormatMountLabel(fmt.Sprintf("br:%v:%v,xino=/dev/shm/aufs.xino", rwBranch, roBranches), mountLabel) |
|
389 | 390 |
) |
390 |
- return mount("none", target, "aufs", 0, fmt.Sprintf("br:%v:%v,xino=/dev/shm/aufs.xino", rwBranch, roBranches)) |
|
391 |
+ return mount("none", target, "aufs", 0, data) |
|
391 | 392 |
} |
392 | 393 |
|
393 |
-func (a *Driver) mountRw(rw, target string) error { |
|
394 |
- return mount("none", target, "aufs", 0, fmt.Sprintf("br:%s,xino=/dev/shm/aufs.xino", rw)) |
|
394 |
+func (a *Driver) mountRw(rw, target, mountLabel string) error { |
|
395 |
+ data := label.FormatMountLabel(fmt.Sprintf("br:%s,xino=/dev/shm/aufs.xino", rw), mountLabel) |
|
396 |
+ return mount("none", target, "aufs", 0, data) |
|
395 | 397 |
} |
396 | 398 |
|
397 | 399 |
func rollbackMount(target string, err error) { |
... | ... |
@@ -90,7 +90,7 @@ func TestCreateNewDir(t *testing.T) { |
90 | 90 |
d := newDriver(t) |
91 | 91 |
defer os.RemoveAll(tmp) |
92 | 92 |
|
93 |
- if err := d.Create("1", "", ""); err != nil { |
|
93 |
+ if err := d.Create("1", ""); err != nil { |
|
94 | 94 |
t.Fatal(err) |
95 | 95 |
} |
96 | 96 |
} |
... | ... |
@@ -99,7 +99,7 @@ func TestCreateNewDirStructure(t *testing.T) { |
99 | 99 |
d := newDriver(t) |
100 | 100 |
defer os.RemoveAll(tmp) |
101 | 101 |
|
102 |
- if err := d.Create("1", "", ""); err != nil { |
|
102 |
+ if err := d.Create("1", ""); err != nil { |
|
103 | 103 |
t.Fatal(err) |
104 | 104 |
} |
105 | 105 |
|
... | ... |
@@ -120,7 +120,7 @@ func TestRemoveImage(t *testing.T) { |
120 | 120 |
d := newDriver(t) |
121 | 121 |
defer os.RemoveAll(tmp) |
122 | 122 |
|
123 |
- if err := d.Create("1", "", ""); err != nil { |
|
123 |
+ if err := d.Create("1", ""); err != nil { |
|
124 | 124 |
t.Fatal(err) |
125 | 125 |
} |
126 | 126 |
|
... | ... |
@@ -145,11 +145,11 @@ func TestGetWithoutParent(t *testing.T) { |
145 | 145 |
d := newDriver(t) |
146 | 146 |
defer os.RemoveAll(tmp) |
147 | 147 |
|
148 |
- if err := d.Create("1", "", ""); err != nil { |
|
148 |
+ if err := d.Create("1", ""); err != nil { |
|
149 | 149 |
t.Fatal(err) |
150 | 150 |
} |
151 | 151 |
|
152 |
- diffPath, err := d.Get("1") |
|
152 |
+ diffPath, err := d.Get("1", "") |
|
153 | 153 |
if err != nil { |
154 | 154 |
t.Fatal(err) |
155 | 155 |
} |
... | ... |
@@ -172,7 +172,7 @@ func TestCleanupWithDir(t *testing.T) { |
172 | 172 |
d := newDriver(t) |
173 | 173 |
defer os.RemoveAll(tmp) |
174 | 174 |
|
175 |
- if err := d.Create("1", "", ""); err != nil { |
|
175 |
+ if err := d.Create("1", ""); err != nil { |
|
176 | 176 |
t.Fatal(err) |
177 | 177 |
} |
178 | 178 |
|
... | ... |
@@ -185,7 +185,7 @@ func TestMountedFalseResponse(t *testing.T) { |
185 | 185 |
d := newDriver(t) |
186 | 186 |
defer os.RemoveAll(tmp) |
187 | 187 |
|
188 |
- if err := d.Create("1", "", ""); err != nil { |
|
188 |
+ if err := d.Create("1", ""); err != nil { |
|
189 | 189 |
t.Fatal(err) |
190 | 190 |
} |
191 | 191 |
|
... | ... |
@@ -204,14 +204,14 @@ func TestMountedTrueReponse(t *testing.T) { |
204 | 204 |
defer os.RemoveAll(tmp) |
205 | 205 |
defer d.Cleanup() |
206 | 206 |
|
207 |
- if err := d.Create("1", "", ""); err != nil { |
|
207 |
+ if err := d.Create("1", ""); err != nil { |
|
208 | 208 |
t.Fatal(err) |
209 | 209 |
} |
210 |
- if err := d.Create("2", "1", ""); err != nil { |
|
210 |
+ if err := d.Create("2", "1"); err != nil { |
|
211 | 211 |
t.Fatal(err) |
212 | 212 |
} |
213 | 213 |
|
214 |
- _, err := d.Get("2") |
|
214 |
+ _, err := d.Get("2", "") |
|
215 | 215 |
if err != nil { |
216 | 216 |
t.Fatal(err) |
217 | 217 |
} |
... | ... |
@@ -230,10 +230,10 @@ func TestMountWithParent(t *testing.T) { |
230 | 230 |
d := newDriver(t) |
231 | 231 |
defer os.RemoveAll(tmp) |
232 | 232 |
|
233 |
- if err := d.Create("1", "", ""); err != nil { |
|
233 |
+ if err := d.Create("1", ""); err != nil { |
|
234 | 234 |
t.Fatal(err) |
235 | 235 |
} |
236 |
- if err := d.Create("2", "1", ""); err != nil { |
|
236 |
+ if err := d.Create("2", "1"); err != nil { |
|
237 | 237 |
t.Fatal(err) |
238 | 238 |
} |
239 | 239 |
|
... | ... |
@@ -243,7 +243,7 @@ func TestMountWithParent(t *testing.T) { |
243 | 243 |
} |
244 | 244 |
}() |
245 | 245 |
|
246 |
- mntPath, err := d.Get("2") |
|
246 |
+ mntPath, err := d.Get("2", "") |
|
247 | 247 |
if err != nil { |
248 | 248 |
t.Fatal(err) |
249 | 249 |
} |
... | ... |
@@ -261,10 +261,10 @@ func TestRemoveMountedDir(t *testing.T) { |
261 | 261 |
d := newDriver(t) |
262 | 262 |
defer os.RemoveAll(tmp) |
263 | 263 |
|
264 |
- if err := d.Create("1", "", ""); err != nil { |
|
264 |
+ if err := d.Create("1", ""); err != nil { |
|
265 | 265 |
t.Fatal(err) |
266 | 266 |
} |
267 |
- if err := d.Create("2", "1", ""); err != nil { |
|
267 |
+ if err := d.Create("2", "1"); err != nil { |
|
268 | 268 |
t.Fatal(err) |
269 | 269 |
} |
270 | 270 |
|
... | ... |
@@ -274,7 +274,7 @@ func TestRemoveMountedDir(t *testing.T) { |
274 | 274 |
} |
275 | 275 |
}() |
276 | 276 |
|
277 |
- mntPath, err := d.Get("2") |
|
277 |
+ mntPath, err := d.Get("2", "") |
|
278 | 278 |
if err != nil { |
279 | 279 |
t.Fatal(err) |
280 | 280 |
} |
... | ... |
@@ -300,7 +300,7 @@ func TestCreateWithInvalidParent(t *testing.T) { |
300 | 300 |
d := newDriver(t) |
301 | 301 |
defer os.RemoveAll(tmp) |
302 | 302 |
|
303 |
- if err := d.Create("1", "docker", ""); err == nil { |
|
303 |
+ if err := d.Create("1", "docker"); err == nil { |
|
304 | 304 |
t.Fatalf("Error should not be nil with parent does not exist") |
305 | 305 |
} |
306 | 306 |
} |
... | ... |
@@ -309,11 +309,11 @@ func TestGetDiff(t *testing.T) { |
309 | 309 |
d := newDriver(t) |
310 | 310 |
defer os.RemoveAll(tmp) |
311 | 311 |
|
312 |
- if err := d.Create("1", "", ""); err != nil { |
|
312 |
+ if err := d.Create("1", ""); err != nil { |
|
313 | 313 |
t.Fatal(err) |
314 | 314 |
} |
315 | 315 |
|
316 |
- diffPath, err := d.Get("1") |
|
316 |
+ diffPath, err := d.Get("1", "") |
|
317 | 317 |
if err != nil { |
318 | 318 |
t.Fatal(err) |
319 | 319 |
} |
... | ... |
@@ -343,10 +343,10 @@ func TestChanges(t *testing.T) { |
343 | 343 |
d := newDriver(t) |
344 | 344 |
defer os.RemoveAll(tmp) |
345 | 345 |
|
346 |
- if err := d.Create("1", "", ""); err != nil { |
|
346 |
+ if err := d.Create("1", ""); err != nil { |
|
347 | 347 |
t.Fatal(err) |
348 | 348 |
} |
349 |
- if err := d.Create("2", "1", ""); err != nil { |
|
349 |
+ if err := d.Create("2", "1"); err != nil { |
|
350 | 350 |
t.Fatal(err) |
351 | 351 |
} |
352 | 352 |
|
... | ... |
@@ -356,7 +356,7 @@ func TestChanges(t *testing.T) { |
356 | 356 |
} |
357 | 357 |
}() |
358 | 358 |
|
359 |
- mntPoint, err := d.Get("2") |
|
359 |
+ mntPoint, err := d.Get("2", "") |
|
360 | 360 |
if err != nil { |
361 | 361 |
t.Fatal(err) |
362 | 362 |
} |
... | ... |
@@ -392,10 +392,10 @@ func TestChanges(t *testing.T) { |
392 | 392 |
t.Fatalf("Change kind should be ChangeAdd got %s", change.Kind) |
393 | 393 |
} |
394 | 394 |
|
395 |
- if err := d.Create("3", "2", ""); err != nil { |
|
395 |
+ if err := d.Create("3", "2"); err != nil { |
|
396 | 396 |
t.Fatal(err) |
397 | 397 |
} |
398 |
- mntPoint, err = d.Get("3") |
|
398 |
+ mntPoint, err = d.Get("3", "") |
|
399 | 399 |
if err != nil { |
400 | 400 |
t.Fatal(err) |
401 | 401 |
} |
... | ... |
@@ -437,11 +437,11 @@ func TestDiffSize(t *testing.T) { |
437 | 437 |
d := newDriver(t) |
438 | 438 |
defer os.RemoveAll(tmp) |
439 | 439 |
|
440 |
- if err := d.Create("1", "", ""); err != nil { |
|
440 |
+ if err := d.Create("1", ""); err != nil { |
|
441 | 441 |
t.Fatal(err) |
442 | 442 |
} |
443 | 443 |
|
444 |
- diffPath, err := d.Get("1") |
|
444 |
+ diffPath, err := d.Get("1", "") |
|
445 | 445 |
if err != nil { |
446 | 446 |
t.Fatal(err) |
447 | 447 |
} |
... | ... |
@@ -479,11 +479,11 @@ func TestChildDiffSize(t *testing.T) { |
479 | 479 |
defer os.RemoveAll(tmp) |
480 | 480 |
defer d.Cleanup() |
481 | 481 |
|
482 |
- if err := d.Create("1", "", ""); err != nil { |
|
482 |
+ if err := d.Create("1", ""); err != nil { |
|
483 | 483 |
t.Fatal(err) |
484 | 484 |
} |
485 | 485 |
|
486 |
- diffPath, err := d.Get("1") |
|
486 |
+ diffPath, err := d.Get("1", "") |
|
487 | 487 |
if err != nil { |
488 | 488 |
t.Fatal(err) |
489 | 489 |
} |
... | ... |
@@ -515,7 +515,7 @@ func TestChildDiffSize(t *testing.T) { |
515 | 515 |
t.Fatalf("Expected size to be %d got %d", size, diffSize) |
516 | 516 |
} |
517 | 517 |
|
518 |
- if err := d.Create("2", "1", ""); err != nil { |
|
518 |
+ if err := d.Create("2", "1"); err != nil { |
|
519 | 519 |
t.Fatal(err) |
520 | 520 |
} |
521 | 521 |
|
... | ... |
@@ -534,7 +534,7 @@ func TestExists(t *testing.T) { |
534 | 534 |
defer os.RemoveAll(tmp) |
535 | 535 |
defer d.Cleanup() |
536 | 536 |
|
537 |
- if err := d.Create("1", "", ""); err != nil { |
|
537 |
+ if err := d.Create("1", ""); err != nil { |
|
538 | 538 |
t.Fatal(err) |
539 | 539 |
} |
540 | 540 |
|
... | ... |
@@ -552,7 +552,7 @@ func TestStatus(t *testing.T) { |
552 | 552 |
defer os.RemoveAll(tmp) |
553 | 553 |
defer d.Cleanup() |
554 | 554 |
|
555 |
- if err := d.Create("1", "", ""); err != nil { |
|
555 |
+ if err := d.Create("1", ""); err != nil { |
|
556 | 556 |
t.Fatal(err) |
557 | 557 |
} |
558 | 558 |
|
... | ... |
@@ -581,11 +581,11 @@ func TestApplyDiff(t *testing.T) { |
581 | 581 |
defer os.RemoveAll(tmp) |
582 | 582 |
defer d.Cleanup() |
583 | 583 |
|
584 |
- if err := d.Create("1", "", ""); err != nil { |
|
584 |
+ if err := d.Create("1", ""); err != nil { |
|
585 | 585 |
t.Fatal(err) |
586 | 586 |
} |
587 | 587 |
|
588 |
- diffPath, err := d.Get("1") |
|
588 |
+ diffPath, err := d.Get("1", "") |
|
589 | 589 |
if err != nil { |
590 | 590 |
t.Fatal(err) |
591 | 591 |
} |
... | ... |
@@ -607,10 +607,10 @@ func TestApplyDiff(t *testing.T) { |
607 | 607 |
t.Fatal(err) |
608 | 608 |
} |
609 | 609 |
|
610 |
- if err := d.Create("2", "", ""); err != nil { |
|
610 |
+ if err := d.Create("2", ""); err != nil { |
|
611 | 611 |
t.Fatal(err) |
612 | 612 |
} |
613 |
- if err := d.Create("3", "2", ""); err != nil { |
|
613 |
+ if err := d.Create("3", "2"); err != nil { |
|
614 | 614 |
t.Fatal(err) |
615 | 615 |
} |
616 | 616 |
|
... | ... |
@@ -620,7 +620,7 @@ func TestApplyDiff(t *testing.T) { |
620 | 620 |
|
621 | 621 |
// Ensure that the file is in the mount point for id 3 |
622 | 622 |
|
623 |
- mountPoint, err := d.Get("3") |
|
623 |
+ mountPoint, err := d.Get("3", "") |
|
624 | 624 |
if err != nil { |
625 | 625 |
t.Fatal(err) |
626 | 626 |
} |
... | ... |
@@ -656,11 +656,11 @@ func TestMountMoreThan42Layers(t *testing.T) { |
656 | 656 |
} |
657 | 657 |
current = hash(current) |
658 | 658 |
|
659 |
- if err := d.Create(current, parent, ""); err != nil { |
|
659 |
+ if err := d.Create(current, parent); err != nil { |
|
660 | 660 |
t.Logf("Current layer %d", i) |
661 | 661 |
t.Fatal(err) |
662 | 662 |
} |
663 |
- point, err := d.Get(current) |
|
663 |
+ point, err := d.Get(current, "") |
|
664 | 664 |
if err != nil { |
665 | 665 |
t.Logf("Current layer %d", i) |
666 | 666 |
t.Fatal(err) |
... | ... |
@@ -683,7 +683,7 @@ func TestMountMoreThan42Layers(t *testing.T) { |
683 | 683 |
} |
684 | 684 |
|
685 | 685 |
// Perform the actual mount for the top most image |
686 |
- point, err := d.Get(last) |
|
686 |
+ point, err := d.Get(last, "") |
|
687 | 687 |
if err != nil { |
688 | 688 |
t.Fatal(err) |
689 | 689 |
} |
... | ... |
@@ -77,11 +77,11 @@ func (a *Driver) migrateContainers(pth string, setupInit func(p string) error) e |
77 | 77 |
} |
78 | 78 |
|
79 | 79 |
initID := fmt.Sprintf("%s-init", id) |
80 |
- if err := a.Create(initID, metadata.Image, ""); err != nil { |
|
80 |
+ if err := a.Create(initID, metadata.Image); err != nil { |
|
81 | 81 |
return err |
82 | 82 |
} |
83 | 83 |
|
84 |
- initPath, err := a.Get(initID) |
|
84 |
+ initPath, err := a.Get(initID, "") |
|
85 | 85 |
if err != nil { |
86 | 86 |
return err |
87 | 87 |
} |
... | ... |
@@ -90,7 +90,7 @@ func (a *Driver) migrateContainers(pth string, setupInit func(p string) error) e |
90 | 90 |
return err |
91 | 91 |
} |
92 | 92 |
|
93 |
- if err := a.Create(id, initID, ""); err != nil { |
|
93 |
+ if err := a.Create(id, initID); err != nil { |
|
94 | 94 |
return err |
95 | 95 |
} |
96 | 96 |
} |
... | ... |
@@ -144,7 +144,7 @@ func (a *Driver) migrateImage(m *metadata, pth string, migrated map[string]bool) |
144 | 144 |
return err |
145 | 145 |
} |
146 | 146 |
if !a.Exists(m.ID) { |
147 |
- if err := a.Create(m.ID, m.ParentID, ""); err != nil { |
|
147 |
+ if err := a.Create(m.ID, m.ParentID); err != nil { |
|
148 | 148 |
return err |
149 | 149 |
} |
150 | 150 |
} |
... | ... |
@@ -80,7 +80,7 @@ func getDirFd(dir *C.DIR) uintptr { |
80 | 80 |
return uintptr(C.dirfd(dir)) |
81 | 81 |
} |
82 | 82 |
|
83 |
-func subvolCreate(path, name string, mountLabel string) error { |
|
83 |
+func subvolCreate(path, name string) error { |
|
84 | 84 |
dir, err := openDir(path) |
85 | 85 |
if err != nil { |
86 | 86 |
return err |
... | ... |
@@ -155,17 +155,17 @@ func (d *Driver) subvolumesDirId(id string) string { |
155 | 155 |
return path.Join(d.subvolumesDir(), id) |
156 | 156 |
} |
157 | 157 |
|
158 |
-func (d *Driver) Create(id string, parent string, mountLabel string) error { |
|
158 |
+func (d *Driver) Create(id string, parent string) error { |
|
159 | 159 |
subvolumes := path.Join(d.home, "subvolumes") |
160 | 160 |
if err := os.MkdirAll(subvolumes, 0700); err != nil { |
161 | 161 |
return err |
162 | 162 |
} |
163 | 163 |
if parent == "" { |
164 |
- if err := subvolCreate(subvolumes, id, mountLabel); err != nil { |
|
164 |
+ if err := subvolCreate(subvolumes, id); err != nil { |
|
165 | 165 |
return err |
166 | 166 |
} |
167 | 167 |
} else { |
168 |
- parentDir, err := d.Get(parent) |
|
168 |
+ parentDir, err := d.Get(parent, "") |
|
169 | 169 |
if err != nil { |
170 | 170 |
return err |
171 | 171 |
} |
... | ... |
@@ -187,7 +187,7 @@ func (d *Driver) Remove(id string) error { |
187 | 187 |
return os.RemoveAll(dir) |
188 | 188 |
} |
189 | 189 |
|
190 |
-func (d *Driver) Get(id string) (string, error) { |
|
190 |
+func (d *Driver) Get(id, mountLabel string) (string, error) { |
|
191 | 191 |
dir := d.subvolumesDirId(id) |
192 | 192 |
st, err := os.Stat(dir) |
193 | 193 |
if err != nil { |
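Review bot: The btrfs `Get(id, mountLabel string)` takes the new parameter, but nothing in the visible lines uses it; the body continues past the hunk, so this needs confirming against the full function. If the label is in fact ignored, a container on btrfs would receive a process label in `Start()` while its rootfs carries no matching mount context, which under an enforcing policy may either deny the container access to its own files or leave the rootfs without per-container separation. At minimum the signature deserves a comment such as `// mountLabel is currently ignored by the btrfs driver; no SELinux context is applied to the subvolume`.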
... | ... |
@@ -845,7 +845,7 @@ func (devices *DeviceSet) Shutdown() error { |
845 | 845 |
return nil |
846 | 846 |
} |
847 | 847 |
|
848 |
-func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) error { |
|
848 |
+func (devices *DeviceSet) MountDevice(hash, path, mountLabel string) error { |
|
849 | 849 |
info, err := devices.lookupDevice(hash) |
850 | 850 |
if err != nil { |
851 | 851 |
return err |
... | ... |
@@ -858,6 +858,7 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro |
858 | 858 |
defer devices.Unlock() |
859 | 859 |
|
860 | 860 |
if info.mountCount > 0 { |
861 |
+ fmt.Printf("---> already mounted\n") |
|
861 | 862 |
if path != info.mountPath { |
862 | 863 |
return fmt.Errorf("Trying to mount devmapper device in multple places (%s, %s)", info.mountPath, path) |
863 | 864 |
} |
... | ... |
@@ -873,9 +874,12 @@ func (devices *DeviceSet) MountDevice(hash, path string, mountLabel string) erro |
873 | 873 |
var flags uintptr = sysMsMgcVal |
874 | 874 |
|
875 | 875 |
mountOptions := label.FormatMountLabel("discard", mountLabel) |
876 |
+ fmt.Printf("-----> setting mount label %s\n", mountOptions) |
|
877 |
+ |
|
876 | 878 |
err = sysMount(info.DevName(), path, "ext4", flags, mountOptions) |
877 | 879 |
if err != nil && err == sysEInval { |
878 |
- mountOptions = label.FormatMountLabel(mountLabel, "") |
|
880 |
+ mountOptions = label.FormatMountLabel("", mountLabel) |
|
881 |
+ fmt.Printf("-----> setting mount label after error %s\n", mountOptions) |
|
879 | 882 |
err = sysMount(info.DevName(), path, "ext4", flags, mountOptions) |
880 | 883 |
} |
881 | 884 |
if err != nil { |
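Review bot: The three `fmt.Printf` calls added to `MountDevice` (`---> already mounted`, `-----> setting mount label ...`, `-----> setting mount label after error ...`) look like leftover debugging and write to the daemon's stdout on every mount. They should be removed, or routed through the project's debug logger (`utils.Debugf`, if this file imports `utils`), before merge. Separately, the `sysEInval` retry now builds its options with `label.FormatMountLabel("", mountLabel)`, which apparently drops `discard` and keeps the label; a comment such as `// retry without discard, keeping the SELinux label` would record that the label must survive the fallback. The condition `err != nil && err == sysEInval` can be reduced to `err == sysEInval`. MountDevice continues outside the hunks.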
... | ... |
@@ -60,7 +60,7 @@ func (d *Driver) Cleanup() error { |
60 | 60 |
return d.DeviceSet.Shutdown() |
61 | 61 |
} |
62 | 62 |
|
63 |
-func (d *Driver) Create(id, parent string, mountLabel string) error { |
|
63 |
+func (d *Driver) Create(id, parent string) error { |
|
64 | 64 |
if err := d.DeviceSet.AddDevice(id, parent); err != nil { |
65 | 65 |
return err |
66 | 66 |
} |
... | ... |
@@ -89,7 +89,7 @@ func (d *Driver) Remove(id string) error { |
89 | 89 |
return nil |
90 | 90 |
} |
91 | 91 |
|
92 |
-func (d *Driver) Get(id string) (string, error) { |
|
92 |
+func (d *Driver) Get(id, mountLabel string) (string, error) { |
|
93 | 93 |
mp := path.Join(d.home, "mnt", id) |
94 | 94 |
|
95 | 95 |
// Create the target directories if they don't exist |
... | ... |
@@ -436,6 +436,12 @@ func TestDriverCreate(t *testing.T) { |
436 | 436 |
return nil |
437 | 437 |
} |
438 | 438 |
|
439 |
+ sysUnmount = func(target string, flag int) error { |
|
440 |
+ //calls["sysUnmount"] = true |
|
441 |
+ |
|
442 |
+ return nil |
|
443 |
+ } |
|
444 |
+ |
|
439 | 445 |
Mounted = func(mnt string) (bool, error) { |
440 | 446 |
calls["Mounted"] = true |
441 | 447 |
if !strings.HasPrefix(mnt, "/tmp/docker-test-devmapper-") || !strings.HasSuffix(mnt, "/mnt/1") { |
... | ... |
@@ -494,7 +500,7 @@ func TestDriverCreate(t *testing.T) { |
494 | 494 |
"?ioctl.loopctlgetfree", |
495 | 495 |
) |
496 | 496 |
|
497 |
- if err := d.Create("1", "", ""); err != nil { |
|
497 |
+ if err := d.Create("1", ""); err != nil { |
|
498 | 498 |
t.Fatal(err) |
499 | 499 |
} |
500 | 500 |
calls.Assert(t, |
... | ... |
@@ -542,7 +548,6 @@ func TestDriverRemove(t *testing.T) { |
542 | 542 |
return nil |
543 | 543 |
} |
544 | 544 |
sysUnmount = func(target string, flags int) (err error) { |
545 |
- calls["sysUnmount"] = true |
|
546 | 545 |
// FIXME: compare the exact source and target strings (inodes + devname) |
547 | 546 |
if expectedTarget := "/tmp/docker-test-devmapper-"; !strings.HasPrefix(target, expectedTarget) { |
548 | 547 |
t.Fatalf("Wrong syscall call\nExpected: Mount(%v)\nReceived: Mount(%v)\n", expectedTarget, target) |
... | ... |
@@ -607,7 +612,7 @@ func TestDriverRemove(t *testing.T) { |
607 | 607 |
"?ioctl.loopctlgetfree", |
608 | 608 |
) |
609 | 609 |
|
610 |
- if err := d.Create("1", "", ""); err != nil { |
|
610 |
+ if err := d.Create("1", ""); err != nil { |
|
611 | 611 |
t.Fatal(err) |
612 | 612 |
} |
613 | 613 |
|
... | ... |
@@ -657,21 +662,21 @@ func TestCleanup(t *testing.T) { |
657 | 657 |
|
658 | 658 |
mountPoints := make([]string, 2) |
659 | 659 |
|
660 |
- if err := d.Create("1", "", ""); err != nil { |
|
660 |
+ if err := d.Create("1", ""); err != nil { |
|
661 | 661 |
t.Fatal(err) |
662 | 662 |
} |
663 | 663 |
// Mount the id |
664 |
- p, err := d.Get("1") |
|
664 |
+ p, err := d.Get("1", "") |
|
665 | 665 |
if err != nil { |
666 | 666 |
t.Fatal(err) |
667 | 667 |
} |
668 | 668 |
mountPoints[0] = p |
669 | 669 |
|
670 |
- if err := d.Create("2", "1", ""); err != nil { |
|
670 |
+ if err := d.Create("2", "1"); err != nil { |
|
671 | 671 |
t.Fatal(err) |
672 | 672 |
} |
673 | 673 |
|
674 |
- p, err = d.Get("2") |
|
674 |
+ p, err = d.Get("2", "") |
|
675 | 675 |
if err != nil { |
676 | 676 |
t.Fatal(err) |
677 | 677 |
} |
... | ... |
@@ -720,7 +725,7 @@ func TestNotMounted(t *testing.T) { |
720 | 720 |
d := newDriver(t) |
721 | 721 |
defer cleanup(d) |
722 | 722 |
|
723 |
- if err := d.Create("1", "", ""); err != nil { |
|
723 |
+ if err := d.Create("1", ""); err != nil { |
|
724 | 724 |
t.Fatal(err) |
725 | 725 |
} |
726 | 726 |
|
... | ... |
@@ -738,10 +743,10 @@ func TestMounted(t *testing.T) { |
738 | 738 |
d := newDriver(t) |
739 | 739 |
defer cleanup(d) |
740 | 740 |
|
741 |
- if err := d.Create("1", "", ""); err != nil { |
|
741 |
+ if err := d.Create("1", ""); err != nil { |
|
742 | 742 |
t.Fatal(err) |
743 | 743 |
} |
744 |
- if _, err := d.Get("1"); err != nil { |
|
744 |
+ if _, err := d.Get("1", ""); err != nil { |
|
745 | 745 |
t.Fatal(err) |
746 | 746 |
} |
747 | 747 |
|
... | ... |
@@ -758,10 +763,10 @@ func TestInitCleanedDriver(t *testing.T) { |
758 | 758 |
t.Skip("FIXME: not a unit test") |
759 | 759 |
d := newDriver(t) |
760 | 760 |
|
761 |
- if err := d.Create("1", "", ""); err != nil { |
|
761 |
+ if err := d.Create("1", ""); err != nil { |
|
762 | 762 |
t.Fatal(err) |
763 | 763 |
} |
764 |
- if _, err := d.Get("1"); err != nil { |
|
764 |
+ if _, err := d.Get("1", ""); err != nil { |
|
765 | 765 |
t.Fatal(err) |
766 | 766 |
} |
767 | 767 |
|
... | ... |
@@ -776,7 +781,7 @@ func TestInitCleanedDriver(t *testing.T) { |
776 | 776 |
d = driver.(*Driver) |
777 | 777 |
defer cleanup(d) |
778 | 778 |
|
779 |
- if _, err := d.Get("1"); err != nil { |
|
779 |
+ if _, err := d.Get("1", ""); err != nil { |
|
780 | 780 |
t.Fatal(err) |
781 | 781 |
} |
782 | 782 |
} |
... | ... |
@@ -786,16 +791,16 @@ func TestMountMountedDriver(t *testing.T) { |
786 | 786 |
d := newDriver(t) |
787 | 787 |
defer cleanup(d) |
788 | 788 |
|
789 |
- if err := d.Create("1", "", ""); err != nil { |
|
789 |
+ if err := d.Create("1", ""); err != nil { |
|
790 | 790 |
t.Fatal(err) |
791 | 791 |
} |
792 | 792 |
|
793 | 793 |
// Perform get on same id to ensure that it will |
794 | 794 |
// not be mounted twice |
795 |
- if _, err := d.Get("1"); err != nil { |
|
795 |
+ if _, err := d.Get("1", ""); err != nil { |
|
796 | 796 |
t.Fatal(err) |
797 | 797 |
} |
798 |
- if _, err := d.Get("1"); err != nil { |
|
798 |
+ if _, err := d.Get("1", ""); err != nil { |
|
799 | 799 |
t.Fatal(err) |
800 | 800 |
} |
801 | 801 |
} |
... | ... |
@@ -805,7 +810,7 @@ func TestGetReturnsValidDevice(t *testing.T) { |
805 | 805 |
d := newDriver(t) |
806 | 806 |
defer cleanup(d) |
807 | 807 |
|
808 |
- if err := d.Create("1", "", ""); err != nil { |
|
808 |
+ if err := d.Create("1", ""); err != nil { |
|
809 | 809 |
t.Fatal(err) |
810 | 810 |
} |
811 | 811 |
|
... | ... |
@@ -813,7 +818,7 @@ func TestGetReturnsValidDevice(t *testing.T) { |
813 | 813 |
t.Fatalf("Expected id 1 to be in device set") |
814 | 814 |
} |
815 | 815 |
|
816 |
- if _, err := d.Get("1"); err != nil { |
|
816 |
+ if _, err := d.Get("1", ""); err != nil { |
|
817 | 817 |
t.Fatal(err) |
818 | 818 |
} |
819 | 819 |
|
... | ... |
@@ -833,11 +838,11 @@ func TestDriverGetSize(t *testing.T) { |
833 | 833 |
d := newDriver(t) |
834 | 834 |
defer cleanup(d) |
835 | 835 |
|
836 |
- if err := d.Create("1", "", ""); err != nil { |
|
836 |
+ if err := d.Create("1", ""); err != nil { |
|
837 | 837 |
t.Fatal(err) |
838 | 838 |
} |
839 | 839 |
|
840 |
- mountPoint, err := d.Get("1") |
|
840 |
+ mountPoint, err := d.Get("1", "") |
|
841 | 841 |
if err != nil { |
842 | 842 |
t.Fatal(err) |
843 | 843 |
} |
... | ... |
@@ -13,10 +13,10 @@ type InitFunc func(root string) (Driver, error) |
13 | 13 |
type Driver interface { |
14 | 14 |
String() string |
15 | 15 |
|
16 |
- Create(id, parent string, mountLabel string) error |
|
16 |
+ Create(id, parent string) error |
|
17 | 17 |
Remove(id string) error |
18 | 18 |
|
19 |
- Get(id string) (dir string, err error) |
|
19 |
+ Get(id, mountLabel string) (dir string, err error) |
|
20 | 20 |
Put(id string) |
21 | 21 |
Exists(id string) bool |
22 | 22 |
|
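Review bot: The `Driver` interface moves `mountLabel` from `Create` to `Get` without documenting what the argument means. Every implementer and caller now has to guess what an empty string does. A comment on the method would fix that, for example `// Get returns the mount point for id; mountLabel is the SELinux context to mount it with, and "" requests no label.`, if that is the intended contract. Every call site visible in this commit passes `""`, so the labelled path is not shown here and the comment should also say which caller is expected to supply a real label.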
... | ... |
@@ -42,7 +42,7 @@ func copyDir(src, dst string) error { |
42 | 42 |
return nil |
43 | 43 |
} |
44 | 44 |
|
45 |
-func (d *Driver) Create(id string, parent string, mountLabel string) error { |
|
45 |
+func (d *Driver) Create(id, parent string) error { |
|
46 | 46 |
dir := d.dir(id) |
47 | 47 |
if err := os.MkdirAll(path.Dir(dir), 0700); err != nil { |
48 | 48 |
return err |
... | ... |
@@ -53,7 +53,7 @@ func (d *Driver) Create(id string, parent string, mountLabel string) error { |
53 | 53 |
if parent == "" { |
54 | 54 |
return nil |
55 | 55 |
} |
56 |
- parentDir, err := d.Get(parent) |
|
56 |
+ parentDir, err := d.Get(parent, "") |
|
57 | 57 |
if err != nil { |
58 | 58 |
return fmt.Errorf("%s: %s", parent, err) |
59 | 59 |
} |
... | ... |
@@ -74,7 +74,7 @@ func (d *Driver) Remove(id string) error { |
74 | 74 |
return os.RemoveAll(d.dir(id)) |
75 | 75 |
} |
76 | 76 |
|
77 |
-func (d *Driver) Get(id string) (string, error) { |
|
77 |
+func (d *Driver) Get(id, mountLabel string) (string, error) { |
|
78 | 78 |
dir := d.dir(id) |
79 | 79 |
if st, err := os.Stat(dir); err != nil { |
80 | 80 |
return "", err |
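Review bot: `Get` in this driver now accepts `mountLabel`, but the visible lines of its body only stat `d.dir(id)` and never read the new parameter. The body continues outside the hunk, so this is worth confirming. If the label really is ignored because this driver returns a plain directory rather than a mount, a container started with SELinux enabled on this backend would get an unlabelled root filesystem without any error. I would at least state that in the code, for example `// mountLabel is ignored: this driver does not mount anything, so no SELinux context is applied.`, so the gap is visible to whoever enables `EnableSelinuxSupport`.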
... | ... |
@@ -204,7 +204,7 @@ func createVolumes(container *Container) error { |
204 | 204 |
if err != nil { |
205 | 205 |
return err |
206 | 206 |
} |
207 |
- srcPath, err = volumesDriver.Get(c.ID) |
|
207 |
+ srcPath, err = volumesDriver.Get(c.ID, "") |
|
208 | 208 |
if err != nil { |
209 | 209 |
return fmt.Errorf("Driver %s failed to get volume rootfs %s: %s", volumesDriver, c.ID, err) |
210 | 210 |
} |
... | ... |
@@ -29,6 +29,7 @@ type Config struct { |
29 | 29 |
Mtu int |
30 | 30 |
DisableNetwork bool |
31 | 31 |
EnableSelinuxSupport bool |
32 |
+ Context map[string][]string |
|
32 | 33 |
} |
33 | 34 |
|
34 | 35 |
// ConfigFromJob creates and returns a new DaemonConfig object |
... | ... |
@@ -46,7 +47,7 @@ func ConfigFromJob(job *engine.Job) *Config { |
46 | 46 |
InterContainerCommunication: job.GetenvBool("InterContainerCommunication"), |
47 | 47 |
GraphDriver: job.Getenv("GraphDriver"), |
48 | 48 |
ExecDriver: job.Getenv("ExecDriver"), |
49 |
- EnableSelinuxSupport: false, // FIXME: hardcoded default to disable selinux for .10 release |
|
49 |
+ EnableSelinuxSupport: job.GetenvBool("SelinuxEnabled"), |
|
50 | 50 |
} |
51 | 51 |
if dns := job.GetenvList("Dns"); dns != nil { |
52 | 52 |
config.Dns = dns |
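Review bot: The new `Context map[string][]string` field on `Config` has no comment, and the `ConfigFromJob` literal in the second hunk does not set it. From these lines it is unclear who populates it or which keys are expected. If it is meant to carry the SELinux labels, the field needs a comment naming its keys and its owner; if nothing reads it yet, it would be cleaner to add it with the code that uses it. `ConfigFromJob` continues past the hunk, so the field may be assigned further down.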
... | ... |
@@ -64,6 +64,7 @@ func main() { |
64 | 64 |
flCa = flag.String([]string{"-tlscacert"}, dockerConfDir+defaultCaFile, "Trust only remotes providing a certificate signed by the CA given here") |
65 | 65 |
flCert = flag.String([]string{"-tlscert"}, dockerConfDir+defaultCertFile, "Path to TLS certificate file") |
66 | 66 |
flKey = flag.String([]string{"-tlskey"}, dockerConfDir+defaultKeyFile, "Path to TLS key file") |
67 |
+ flSelinuxEnabled = flag.Bool([]string{"-selinux-enabled"}, false, "Enable selinux support") |
|
67 | 68 |
) |
68 | 69 |
flag.Var(&flDns, []string{"#dns", "-dns"}, "Force docker to use specific DNS servers") |
69 | 70 |
flag.Var(&flDnsSearch, []string{"-dns-search"}, "Force Docker to use specific DNS search domains") |
... | ... |
@@ -148,6 +149,7 @@ func main() { |
148 | 148 |
job.Setenv("GraphDriver", *flGraphDriver) |
149 | 149 |
job.Setenv("ExecDriver", *flExecDriver) |
150 | 150 |
job.SetenvInt("Mtu", *flMtu) |
151 |
+ job.SetenvBool("SelinuxEnabled", *flSelinuxEnabled) |
|
151 | 152 |
if err := job.Run(); err != nil { |
152 | 153 |
log.Fatal(err) |
153 | 154 |
} |
... | ... |
@@ -98,7 +98,7 @@ func (graph *Graph) Get(name string) (*image.Image, error) { |
98 | 98 |
img.SetGraph(graph) |
99 | 99 |
|
100 | 100 |
if img.Size < 0 { |
101 |
- rootfs, err := graph.driver.Get(img.ID) |
|
101 |
+ rootfs, err := graph.driver.Get(img.ID, "") |
|
102 | 102 |
if err != nil { |
103 | 103 |
return nil, fmt.Errorf("Driver %s failed to get image rootfs %s: %s", graph.driver, img.ID, err) |
104 | 104 |
} |
... | ... |
@@ -110,7 +110,7 @@ func (graph *Graph) Get(name string) (*image.Image, error) { |
110 | 110 |
return nil, err |
111 | 111 |
} |
112 | 112 |
} else { |
113 |
- parentFs, err := graph.driver.Get(img.Parent) |
|
113 |
+ parentFs, err := graph.driver.Get(img.Parent, "") |
|
114 | 114 |
if err != nil { |
115 | 115 |
return nil, err |
116 | 116 |
} |
... | ... |
@@ -191,11 +191,11 @@ func (graph *Graph) Register(jsonData []byte, layerData archive.ArchiveReader, i |
191 | 191 |
} |
192 | 192 |
|
193 | 193 |
// Create root filesystem in the driver |
194 |
- if err := graph.driver.Create(img.ID, img.Parent, ""); err != nil { |
|
194 |
+ if err := graph.driver.Create(img.ID, img.Parent); err != nil { |
|
195 | 195 |
return fmt.Errorf("Driver %s failed to create image rootfs %s: %s", graph.driver, img.ID, err) |
196 | 196 |
} |
197 | 197 |
// Mount the root filesystem so we can apply the diff/layer |
198 |
- rootfs, err := graph.driver.Get(img.ID) |
|
198 |
+ rootfs, err := graph.driver.Get(img.ID, "") |
|
199 | 199 |
if err != nil { |
200 | 200 |
return fmt.Errorf("Driver %s failed to get image rootfs %s: %s", graph.driver, img.ID, err) |
201 | 201 |
} |
... | ... |
@@ -98,7 +98,7 @@ func StoreImage(img *Image, jsonData []byte, layerData archive.ArchiveReader, ro |
98 | 98 |
return err |
99 | 99 |
} |
100 | 100 |
} else { |
101 |
- parent, err := driver.Get(img.Parent) |
|
101 |
+ parent, err := driver.Get(img.Parent, "") |
|
102 | 102 |
if err != nil { |
103 | 103 |
return err |
104 | 104 |
} |
... | ... |
@@ -159,7 +159,7 @@ func (img *Image) TarLayer() (arch archive.Archive, err error) { |
159 | 159 |
return differ.Diff(img.ID) |
160 | 160 |
} |
161 | 161 |
|
162 |
- imgFs, err := driver.Get(img.ID) |
|
162 |
+ imgFs, err := driver.Get(img.ID, "") |
|
163 | 163 |
if err != nil { |
164 | 164 |
return nil, err |
165 | 165 |
} |
... | ... |
@@ -182,7 +182,7 @@ func (img *Image) TarLayer() (arch archive.Archive, err error) { |
182 | 182 |
}), nil |
183 | 183 |
} |
184 | 184 |
|
185 |
- parentFs, err := driver.Get(img.Parent) |
|
185 |
+ parentFs, err := driver.Get(img.Parent, "") |
|
186 | 186 |
if err != nil { |
187 | 187 |
return nil, err |
188 | 188 |
} |
... | ... |
@@ -874,12 +874,12 @@ func TestDestroyWithInitLayer(t *testing.T) { |
874 | 874 |
driver := daemon.Graph().Driver() |
875 | 875 |
|
876 | 876 |
// Make sure that the container does not exist in the driver |
877 |
- if _, err := driver.Get(container.ID); err == nil { |
|
877 |
+ if _, err := driver.Get(container.ID, ""); err == nil { |
|
878 | 878 |
t.Fatal("Conttainer should not exist in the driver") |
879 | 879 |
} |
880 | 880 |
|
881 | 881 |
// Make sure that the init layer is removed from the driver |
882 |
- if _, err := driver.Get(fmt.Sprintf("%s-init", container.ID)); err == nil { |
|
882 |
+ if _, err := driver.Get(fmt.Sprintf("%s-init", container.ID), ""); err == nil { |
|
883 | 883 |
t.Fatal("Container's init layer should not exist in the driver") |
884 | 884 |
} |
885 | 885 |
} |
... | ... |
@@ -32,13 +32,13 @@ func GenLabels(options string) (string, string, error) { |
32 | 32 |
return processLabel, mountLabel, err |
33 | 33 |
} |
34 | 34 |
|
35 |
-func FormatMountLabel(src string, mountLabel string) string { |
|
36 |
- if selinux.SelinuxEnabled() && mountLabel != "" { |
|
35 |
+func FormatMountLabel(src, mountLabel string) string { |
|
36 |
+ if mountLabel != "" { |
|
37 | 37 |
switch src { |
38 | 38 |
case "": |
39 |
- src = fmt.Sprintf("%s,context=%s", src, mountLabel) |
|
39 |
+ src = fmt.Sprintf("context=%q", mountLabel) |
|
40 | 40 |
default: |
41 |
- src = fmt.Sprintf("context=%s", mountLabel) |
|
41 |
+ src = fmt.Sprintf("%s,context=%q", src, mountLabel) |
|
42 | 42 |
} |
43 | 43 |
} |
44 | 44 |
return src |
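Review bot: With the `selinux.SelinuxEnabled()` guard removed from `FormatMountLabel`, any non-empty `mountLabel` is written into the mount options. Callers must therefore pass an empty label whenever SELinux is off, and nothing in the visible lines states that contract. A doc comment would pin it down: `// FormatMountLabel appends context="<label>" to src; callers must pass an empty mountLabel when SELinux is disabled.` Separately, `%q` applies Go string escaping, which matches mount-option quoting only when the label has no quotes, backslashes or non-printable characters. It is worth confirming that labels are validated before they reach this function.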
... | ... |
@@ -75,8 +75,9 @@ func (ns *linuxNs) Init(container *libcontainer.Container, uncleanRootfs, consol |
75 | 75 |
} |
76 | 76 |
} |
77 | 77 |
runtime.LockOSThread() |
78 |
+ |
|
78 | 79 |
if err := label.SetProcessLabel(container.Context["process_label"]); err != nil { |
79 |
- return fmt.Errorf("SetProcessLabel label %s", err) |
|
80 |
+ return fmt.Errorf("set process label %s", err) |
|
80 | 81 |
} |
81 | 82 |
ns.logger.Printf("execing %s\n", args[0]) |
82 | 83 |
return system.Execv(args[0], args[0:], container.Env) |