Merge pull request #5817 from rhatdan/selinux1

Fix up SELinux labeling
author: OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> 2020-04-15 14:28:53 -0700
committer: GitHub <noreply@github.com> 2020-04-15 14:28:53 -0700
commit: 0f7162d791076e736a7cee3a45051925fa4d0589 (patch)
tree: 10751bb96b17a98842fac1cfb4ee5c492064b161 /pkg/specgen/generate/container.go
parent: 3500a8bc39bfc625444fb343a239d607604f06d6 (diff)
parent: ac94a96a74e63854ab492e35c6c5c26145a6674a (diff)
download: podman-0f7162d791076e736a7cee3a45051925fa4d0589.tar.gz
podman-0f7162d791076e736a7cee3a45051925fa4d0589.tar.bz2
podman-0f7162d791076e736a7cee3a45051925fa4d0589.zip
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 78c77fec1..edd54847d 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -113,6 +113,14 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
 	if err := finishThrottleDevices(s); err != nil {
 		return err
 	}
+	// Unless already set via the CLI, check if we need to disable process
+	// labels or set the defaults.
+	if len(s.SelinuxOpts) == 0 {
+		if err := s.SetLabelOpts(r, s.PidNS, s.IpcNS); err != nil {
+			return err
+		}
+	}
+
 	return nil
 }
author	OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>	2020-04-15 14:28:53 -0700
committer	GitHub <noreply@github.com>	2020-04-15 14:28:53 -0700
commit	0f7162d791076e736a7cee3a45051925fa4d0589 (patch)
tree	10751bb96b17a98842fac1cfb4ee5c492064b161 /pkg/specgen/generate/container.go
parent	3500a8bc39bfc625444fb343a239d607604f06d6 (diff)
parent	ac94a96a74e63854ab492e35c6c5c26145a6674a (diff)
download	podman-0f7162d791076e736a7cee3a45051925fa4d0589.tar.gz podman-0f7162d791076e736a7cee3a45051925fa4d0589.tar.bz2 podman-0f7162d791076e736a7cee3a45051925fa4d0589.zip