aboutsummaryrefslogtreecommitdiff
path: root/cmd/podman
diff options
context:
space:
mode:
authorPeter Hunt <pehunt@redhat.com>2019-03-07 12:52:54 -0500
committerPeter Hunt <pehunt@redhat.com>2019-03-28 09:54:31 -0400
commit0d0ad59641a308450d694d4c2fb95303c64fabf8 (patch)
treecce1ff87f1c9c501b70ee360fceacb512808e5bd /cmd/podman
parent850326cc192444d1c5cfd8ba6e1015f653b41e73 (diff)
downloadpodman-0d0ad59641a308450d694d4c2fb95303c64fabf8.tar.gz
podman-0d0ad59641a308450d694d4c2fb95303c64fabf8.tar.bz2
podman-0d0ad59641a308450d694d4c2fb95303c64fabf8.zip
Default to SELinux private label for play kube mounts
Before, there were SELinux denials when a volume was bind-mounted by podman play kube. Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate) For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point also remove left over debugging print statement Signed-off-by: Peter Hunt <pehunt@redhat.com>
Diffstat (limited to 'cmd/podman')
-rw-r--r--cmd/podman/play_kube.go7
1 files changed, 6 insertions, 1 deletions
diff --git a/cmd/podman/play_kube.go b/cmd/podman/play_kube.go
index 10221a339..0429a40eb 100644
--- a/cmd/podman/play_kube.go
+++ b/cmd/podman/play_kube.go
@@ -168,7 +168,13 @@ func playKubeYAMLCmd(c *cliconfig.KubePlayValues) error {
return errors.Errorf("Error creating HostPath %s at %s", volume.Name, hostPath.Path)
}
}
+ // unconditionally label a newly created volume as private
+ if err := libpod.LabelVolumePath(hostPath.Path, false); err != nil {
+ return errors.Wrapf(err, "Error giving %s a label", hostPath.Path)
+ }
+ break
case v1.HostPathDirectory:
+ case v1.HostPathUnset:
// do nothing here because we will verify the path exists in validateVolumeHostDir
break
default:
@@ -178,7 +184,6 @@ func playKubeYAMLCmd(c *cliconfig.KubePlayValues) error {
if err := shared.ValidateVolumeHostDir(hostPath.Path); err != nil {
return errors.Wrapf(err, "Error in parsing HostPath in YAML")
}
- fmt.Println(volume.Name)
volumes[volume.Name] = hostPath.Path
}