diff options
author | Steven Taylor <steven@taylormuff.co.uk> | 2021-02-02 18:13:13 +0000 |
---|---|---|
committer | Steven Taylor <steven@taylormuff.co.uk> | 2021-02-02 18:13:13 +0000 |
commit | c68b59f97fcba356b167f62031070129ed687648 (patch) | |
tree | 105492dc798f8f424937a7bf7dc95603498ba62d /pkg/specgen/generate/kube | |
parent | 735b16e34721449781f82b10555b15e4aead0deb (diff) | |
download | podman-c68b59f97fcba356b167f62031070129ed687648.tar.gz podman-c68b59f97fcba356b167f62031070129ed687648.tar.bz2 podman-c68b59f97fcba356b167f62031070129ed687648.zip |
play kube selinux label issue
play kube function not respecting selinux options in kube yaml, all options were
being mapped to role.
fixes issue 8710
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
Diffstat (limited to 'pkg/specgen/generate/kube')
-rw-r--r-- | pkg/specgen/generate/kube/kube.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 0d7ee3ad2..98ab82259 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -282,16 +282,16 @@ func setupSecurityContext(s *specgen.SpecGenerator, containerYAML v1.Container) if seopt := containerYAML.SecurityContext.SELinuxOptions; seopt != nil { if seopt.User != "" { - s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.User)) + s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("user:%s", seopt.User)) } if seopt.Role != "" { s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Role)) } if seopt.Type != "" { - s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Type)) + s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("type:%s", seopt.Type)) } if seopt.Level != "" { - s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Level)) + s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("level:%s", seopt.Level)) } } if caps := containerYAML.SecurityContext.Capabilities; caps != nil { |