selinux: remove explicit range transition when starting conmon

Do not explicitly transition to s0 when starting conmon. Instead, the policy should implement this behavior. [NO NEW TESTS NEEDED] This is dependent on the SELinux policy to implement the desired behavior. Additionally, entirely custom SELinux policies may choose to implement the behavior differently. Signed-off-by: Kenton Groombridge <me@concord.sh>
author: Kenton Groombridge <me@concord.sh> 2022-01-31 12:05:43 -0500
committer: Kenton Groombridge <me@concord.sh> 2022-03-08 10:57:26 -0500
commit: bd0766e9668f9dc186684223bea7b6388102ecb8 (patch)
tree: 3829b941ecd0c337d74c50186129eb9a7e2ffdb7 /libpod/oci_conmon_exec_linux.go
parent: f33b64d8b7d7b2bd22560cfacc90e25d1f9e16b4 (diff)
download: podman-bd0766e9668f9dc186684223bea7b6388102ecb8.tar.gz
podman-bd0766e9668f9dc186684223bea7b6388102ecb8.tar.bz2
podman-bd0766e9668f9dc186684223bea7b6388102ecb8.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/libpod/oci_conmon_exec_linux.go b/libpod/oci_conmon_exec_linux.go
index aa970bbde..c88ef2c67 100644
--- a/libpod/oci_conmon_exec_linux.go
+++ b/libpod/oci_conmon_exec_linux.go
@@ -462,7 +462,7 @@ func (r *ConmonOCIRuntime) startExec(c *Container, sessionID string, options *Ex
 		Setpgid: true,
 	}
 
-	err = startCommandGivenSelinux(execCmd, c)
+	err = startCommand(execCmd, c)
 
 	// We don't need children pipes  on the parent side
 	errorhandling.CloseQuiet(childSyncPipe)
author	Kenton Groombridge <me@concord.sh>	2022-01-31 12:05:43 -0500
committer	Kenton Groombridge <me@concord.sh>	2022-03-08 10:57:26 -0500
commit	bd0766e9668f9dc186684223bea7b6388102ecb8 (patch)
tree	3829b941ecd0c337d74c50186129eb9a7e2ffdb7 /libpod/oci_conmon_exec_linux.go
parent	f33b64d8b7d7b2bd22560cfacc90e25d1f9e16b4 (diff)
download	podman-bd0766e9668f9dc186684223bea7b6388102ecb8.tar.gz podman-bd0766e9668f9dc186684223bea7b6388102ecb8.tar.bz2 podman-bd0766e9668f9dc186684223bea7b6388102ecb8.zip