author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-05-17 16:28:21 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-05-17 16:28:21 -0400 |
commit | a7fa0da4a5584044bc6319eb76d25f6fd90cce64 (patch) | |
tree | 87bc795ad14ab8b8f1ff96354b754095985fb113 | |
parent | 3aa4746fb6d4c6e9934f1ace420ba0ecbc11b4f1 (diff) | |
parent | 6efca0bbac4346be1c9693c5ef5c592f2fc21035 (diff) | |
Merge pull request #10334 from mheon/add_relabel_vol_plugin
Ensure that :Z/:z/:U can be used with named volumes
-rw-r--r-- | libpod/container_internal_linux.go | 38 | ||||
-rw-r--r-- | test/e2e/run_selinux_test.go | 8 |
2 files changed, 27 insertions, 19 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 04340e6b2..1b2f5a496 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -358,6 +358,25 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 return nil, err
 }
 
+ // Add named volumes
+ for _, namedVol := range c.config.NamedVolumes {
+ volume, err := c.runtime.GetVolume(namedVol.Name)
+ if err != nil {
+ return nil, errors.Wrapf(err, "error retrieving volume %s to add to container %s", namedVol.Name, c.ID())
+ }
+ mountPoint, err := volume.MountPoint()
+ if err != nil {
+ return nil, err
+ }
+ volMount := spec.Mount{
+ Type: "bind",
+ Source: mountPoint,
+ Destination: namedVol.Dest,
+ Options: namedVol.Options,
+ }
+ g.AddMount(volMount)
+ }
+
 // Check if the spec file mounts contain the options z, Z or U.
 // If they have z or Z, relabel the source directory and then remove the option.
 // If they have U, chown the source directory and them remove the option.
@@ -391,25 +410,6 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
 g.SetProcessSelinuxLabel(c.ProcessLabel())
 g.SetLinuxMountLabel(c.MountLabel())
 
- // Add named volumes
- for _, namedVol := range c.config.NamedVolumes {
- volume, err := c.runtime.GetVolume(namedVol.Name)
- if err != nil {
- return nil, errors.Wrapf(err, "error retrieving volume %s to add to container %s", namedVol.Name, c.ID())
- }
- mountPoint, err := volume.MountPoint()
- if err != nil {
- return nil, err
- }
- volMount := spec.Mount{
- Type: "bind",
- Source: mountPoint,
- Destination: namedVol.Dest,
- Options: namedVol.Options,
- }
- g.AddMount(volMount)
- }
-
 // Add bind mounts to container
 for dstPath, srcPath := range c.state.BindMounts {
 newMount := spec.Mount{
diff --git a/test/e2e/run_selinux_test.go b/test/e2e/run_selinux_test.go
index 6abe152a9..2886f06c1 100644
--- a/test/e2e/run_selinux_test.go
+++ b/test/e2e/run_selinux_test.go
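Review bot: With the named-volume loop in generateSpec now placed ahead of the z/Z/U handling, a `:Z` or `:U` option on a named volume is applied to the path returned by `volume.MountPoint()`, and nothing in this hunk checks whether that volume is already used by other containers. A private `:Z` label or a `:U` chown on a shared volume would presumably cut off or re-own the data for the other users, and a plugin-backed volume's path may lie outside libpod's own storage; the relabel loop itself is outside the hunk, so this is inferred from its comment. I would at least document it above the loop, e.g. `// Named volumes are added before the z/Z/U pass, so those options relabel/chown the volume's mountpoint for every container sharing it.` Separately, the `MountPoint()` error is returned bare while the `GetVolume` error is wrapped; `return nil, errors.Wrapf(err, "error getting mountpoint of volume %s for container %s", namedVol.Name, c.ID())` would keep the two consistent.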
@@ -343,4 +343,12 @@ var _ = Describe("Podman run", func() {
 session.WaitWithDefaultTimeout()
 Expect(session.OutputToString()).To(ContainSubstring("container_init_t"))
 })
+
+ It("podman relabels named volume with :Z", func() {
+ session := podmanTest.Podman([]string{"run", "-v", "testvol:/test1/test:Z", fedoraMinimal, "ls", "-alZ", "/test1"})
+ session.WaitWithDefaultTimeout()
+ Expect(session.ExitCode()).To(Equal(0))
+ match, _ := session.GrepString(":s0:")
+ Expect(match).Should(BeTrue())
+ })
 })
|
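Review bot: The `:s0:` grep in the new test may pass without the volume being relabeled, because `ls -alZ /test1` also prints the labels of `.` and `..`, which belong to the container's root filesystem and likely already carry an MCS category. Listing only the mount target, `"ls", "-dZ", "/test1/test"`, would tie the assertion to the volume itself. The named volume `testvol` is also not removed in the visible lines, so unless suite teardown handles it, a rerun could pick up a volume that was labeled by an earlier run.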