summaryrefslogtreecommitdiff
path: root/pkg/specgen/generate/kube
diff options
context:
space:
mode:
authorSteven Taylor <steven@taylormuff.co.uk>2021-02-02 18:13:13 +0000
committerSteven Taylor <steven@taylormuff.co.uk>2021-02-02 18:13:13 +0000
commitc68b59f97fcba356b167f62031070129ed687648 (patch)
tree105492dc798f8f424937a7bf7dc95603498ba62d /pkg/specgen/generate/kube
parent735b16e34721449781f82b10555b15e4aead0deb (diff)
downloadpodman-c68b59f97fcba356b167f62031070129ed687648.tar.gz
podman-c68b59f97fcba356b167f62031070129ed687648.tar.bz2
podman-c68b59f97fcba356b167f62031070129ed687648.zip
play kube selinux label issue
play kube function not respecting selinux options in kube yaml, all options were being mapped to role. fixes issue 8710 Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
Diffstat (limited to 'pkg/specgen/generate/kube')
-rw-r--r--pkg/specgen/generate/kube/kube.go6
1 files changed, 3 insertions, 3 deletions
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index 0d7ee3ad2..98ab82259 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -282,16 +282,16 @@ func setupSecurityContext(s *specgen.SpecGenerator, containerYAML v1.Container)
if seopt := containerYAML.SecurityContext.SELinuxOptions; seopt != nil {
if seopt.User != "" {
- s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.User))
+ s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("user:%s", seopt.User))
}
if seopt.Role != "" {
s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Role))
}
if seopt.Type != "" {
- s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Type))
+ s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("type:%s", seopt.Type))
}
if seopt.Level != "" {
- s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Level))
+ s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("level:%s", seopt.Level))
}
}
if caps := containerYAML.SecurityContext.Capabilities; caps != nil {