summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate/container.go
diff options
context:
space:
mode:
authorDaniel J Walsh <dwalsh@redhat.com>2020-04-14 16:44:37 -0400
committerDaniel J Walsh <dwalsh@redhat.com>2020-04-15 16:30:03 -0400
commitac94a96a74e63854ab492e35c6c5c26145a6674a (patch)
treeb064e77c440d8d40b0138fb00c1335408e45326f /pkg/specgen/generate/container.go
parent195cb11276d61311bbd2b5274ac7a98b62abaaba (diff)
downloadpodman-ac94a96a74e63854ab492e35c6c5c26145a6674a.tar.gz
podman-ac94a96a74e63854ab492e35c6c5c26145a6674a.tar.bz2
podman-ac94a96a74e63854ab492e35c6c5c26145a6674a.zip
Fix up SELinux labeling
SELinux label options processing fixes, should allow system tests to pass. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg/specgen/generate/container.go')
-rw-r--r--pkg/specgen/generate/container.go8
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go
index 78c77fec1..edd54847d 100644
--- a/pkg/specgen/generate/container.go
+++ b/pkg/specgen/generate/container.go
@@ -113,6 +113,14 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat
if err := finishThrottleDevices(s); err != nil {
return err
}
+ // Unless already set via the CLI, check if we need to disable process
+ // labels or set the defaults.
+ if len(s.SelinuxOpts) == 0 {
+ if err := s.SetLabelOpts(r, s.PidNS, s.IpcNS); err != nil {
+ return err
+ }
+ }
+
return nil
}