diff options
| author | Steven Taylor <steven@taylormuff.co.uk> | 2021-02-02 18:13:13 +0000 |
|---|---|---|
| committer | Matthew Heon <matthew.heon@pm.me> | 2021-02-05 13:52:41 -0500 |
| commit | 572b0803c7d5e5379e8d7ac5c133eb9c2c4a3ccf (patch) | |
| tree | cb151ba1f6c9ba38df704b9fb82756257937891d /pkg/specgen/generate/kube | |
| parent | 951879c69045c893c15c3eb902a54115f0e28c18 (diff) | |
| download | podman-572b0803c7d5e5379e8d7ac5c133eb9c2c4a3ccf.tar.gz podman-572b0803c7d5e5379e8d7ac5c133eb9c2c4a3ccf.tar.bz2 podman-572b0803c7d5e5379e8d7ac5c133eb9c2c4a3ccf.zip | |
play kube selinux label issue
play kube function not respecting selinux options in kube yaml, all options were
being mapped to role.
fixes issue 8710
Signed-off-by: Steven Taylor <steven@taylormuff.co.uk>
Diffstat (limited to 'pkg/specgen/generate/kube')
| -rw-r--r-- | pkg/specgen/generate/kube/kube.go | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index 0d7ee3ad2..98ab82259 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -282,16 +282,16 @@ func setupSecurityContext(s *specgen.SpecGenerator, containerYAML v1.Container) if seopt := containerYAML.SecurityContext.SELinuxOptions; seopt != nil { if seopt.User != "" { - s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.User)) + s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("user:%s", seopt.User)) } if seopt.Role != "" { s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Role)) } if seopt.Type != "" { - s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Type)) + s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("type:%s", seopt.Type)) } if seopt.Level != "" { - s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("role:%s", seopt.Level)) + s.SelinuxOpts = append(s.SelinuxOpts, fmt.Sprintf("level:%s", seopt.Level)) } } if caps := containerYAML.SecurityContext.Capabilities; caps != nil { |