author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2019-03-29 05:47:02 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-03-29 05:47:02 -0700 |
commit | 9b789359f17f22bdd2ed49087c23eebf39f338f3 (patch) | |
tree | 4ccdf7b1acd720ea0b0c4c92804afd63d9bd5b1f /libpod/util_linux.go | |
parent | 376a89c7a417e90bc667e11f7264e4a7ea950bfe (diff) | |
parent | 0d0ad59641a308450d694d4c2fb95303c64fabf8 (diff) | |
Merge pull request #2575 from haircommander/hotfix_play_kube
Default to SELinux private label for play kube mounts
Diffstat (limited to 'libpod/util_linux.go')
-rw-r--r-- | libpod/util_linux.go | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index 30e2538c3..a801df2ee 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -9,6 +9,7 @@ import (
 "github.com/containerd/cgroups"
 "github.com/containers/libpod/pkg/util"
 spec "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/opencontainers/selinux/go-selinux/label"
 "github.com/pkg/errors"
 "github.com/sirupsen/logrus"
 )
@@ -91,3 +92,23 @@ func GetV1CGroups(excludes []string) cgroups.Hierarchy {
 return filtered, nil
 }
 }
+
+// LabelVolumePath takes a mount path for a volume and gives it an
+// selinux label of either shared or not
+func LabelVolumePath(path string, shared bool) error {
+ _, mountLabel, err := label.InitLabels([]string{})
+ if err != nil {
+ return errors.Wrapf(err, "error getting default mountlabels")
+ }
+ if err := label.ReleaseLabel(mountLabel); err != nil {
+ return errors.Wrapf(err, "error releasing label %q", mountLabel)
+ }
+ if err := label.Relabel(path, mountLabel, shared); err != nil {
+ permString := "private"
+ if shared {
+ permString = "shared"
+ }
+ return errors.Wrapf(err, "error setting selinux label for %s to %q as %s", path, mountLabel, permString)
+ }
+ return nil
+} |
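Review bot: In LabelVolumePath the mount label returned by `label.InitLabels` is handed to `label.ReleaseLabel` before `label.Relabel` applies it, so the path ends up carrying a label whose category reservation has already been given back; if the intent is a label unique to this volume, nothing visible in the hunk keeps a later `InitLabels` call from handing out the same categories. Either release the label only after the relabel has succeeded, or state why the early release is safe with a comment such as `// only the label's type matters here; MCS uniqueness is not relied on`. The label is also generated independently of any container, so for the `shared == false` case the doc comment should say which process label is expected to match it. `path` is relabelled without any validation inside this function, so the doc comment should also state that callers must pass only a directory dedicated to container use, never a general host directory.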