summaryrefslogtreecommitdiff
path: root/libpod/container_internal.go
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2018-05-30 15:57:33 -0400
committerAtomic Bot <atomic-devel@projectatomic.io>2018-05-31 13:51:11 +0000
commit7c6034e161abf4b70fb0409718cc5aa8cd83cc88 (patch)
tree243e51b1ec5303a0144b4d21a016e6be59ec7146 /libpod/container_internal.go
parentbae80a0b663925ec751ad2784ca32989403cdc24 (diff)
downloadpodman-7c6034e161abf4b70fb0409718cc5aa8cd83cc88.tar.gz
podman-7c6034e161abf4b70fb0409718cc5aa8cd83cc88.tar.bz2
podman-7c6034e161abf4b70fb0409718cc5aa8cd83cc88.zip
We need to change the SELinux label of the conmon process to s0
If SELinux is enabled, we are leaking in pipes into the container owned by conmon. The container processes are not allowed to use these pipes, if the calling process is fully ranged. By changing the level of the conmon process to s0, this allows container processes to use the pipes. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Closes: #854 Approved by: mheon
Diffstat (limited to 'libpod/container_internal.go')
0 files changed, 0 insertions, 0 deletions