diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2019-10-29 16:04:21 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2019-10-29 16:05:42 -0400 |
commit | 0b9e07f7f289da6fda83bcb1660e345cf894a6b6 (patch) | |
tree | 342063f397512a5eb82ad0aebddfc4bcbb6a2933 | |
parent | 5918f3a5f1d11862fbaaca94ff25f1d9cc1309e2 (diff) | |
download | podman-0b9e07f7f289da6fda83bcb1660e345cf894a6b6.tar.gz podman-0b9e07f7f289da6fda83bcb1660e345cf894a6b6.tar.bz2 podman-0b9e07f7f289da6fda83bcb1660e345cf894a6b6.zip |
Processes execed into container should match container label
Processes execed into a container were not being run with the correct label.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
-rw-r--r-- | libpod/oci_conmon_linux.go | 2 | ||||
-rw-r--r-- | test/e2e/exec_test.go | 1 | ||||
-rw-r--r-- | test/e2e/run_selinux_test.go | 12 |
3 files changed, 14 insertions, 1 deletions
diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go index 448e05bdf..2798c3043 100644 --- a/libpod/oci_conmon_linux.go +++ b/libpod/oci_conmon_linux.go @@ -1023,8 +1023,8 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se if err != nil { return nil, err } - pspec := c.config.Spec.Process + pspec.SelinuxLabel = c.config.ProcessLabel pspec.Args = cmd // We need to default this to false else it will inherit terminal as true // from the container. diff --git a/test/e2e/exec_test.go b/test/e2e/exec_test.go index 1c4a9adb9..ed4eb3335 100644 --- a/test/e2e/exec_test.go +++ b/test/e2e/exec_test.go @@ -243,4 +243,5 @@ var _ = Describe("Podman exec", func() { session.WaitWithDefaultTimeout() Expect(session.ExitCode()).To(Equal(0)) }) + }) diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go index 0c78ab15b..ebc36b7f1 100644 --- a/test/e2e/run_selinux_test.go +++ b/test/e2e/run_selinux_test.go @@ -165,4 +165,16 @@ var _ = Describe("Podman run", func() { Expect(session.ExitCode()).To(Equal(126)) }) + It("podman exec selinux check", func() { + setup := podmanTest.RunTopContainer("test1") + setup.WaitWithDefaultTimeout() + Expect(setup.ExitCode()).To(Equal(0)) + + session := podmanTest.Podman([]string{"exec", "test1", "cat", "/proc/self/attr/current"}) + session.WaitWithDefaultTimeout() + session1 := podmanTest.Podman([]string{"exec", "test1", "cat", "/proc/self/attr/current"}) + session1.WaitWithDefaultTimeout() + Expect(session.OutputToString()).To(Equal(session1.OutputToString())) + }) + }) |