diff options
author | Daniel J Walsh <dwalsh@redhat.com> | 2020-04-14 16:44:37 -0400 |
---|---|---|
committer | Daniel J Walsh <dwalsh@redhat.com> | 2020-04-15 16:30:03 -0400 |
commit | ac94a96a74e63854ab492e35c6c5c26145a6674a (patch) | |
tree | b064e77c440d8d40b0138fb00c1335408e45326f /pkg/specgen/generate | |
parent | 195cb11276d61311bbd2b5274ac7a98b62abaaba (diff) | |
download | podman-ac94a96a74e63854ab492e35c6c5c26145a6674a.tar.gz podman-ac94a96a74e63854ab492e35c6c5c26145a6674a.tar.bz2 podman-ac94a96a74e63854ab492e35c6c5c26145a6674a.zip |
Fix up SELinux labeling
SELinux label options processing fixes, should allow system tests to pass.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Diffstat (limited to 'pkg/specgen/generate')
-rw-r--r-- | pkg/specgen/generate/container.go | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/specgen/generate/container.go b/pkg/specgen/generate/container.go index 78c77fec1..edd54847d 100644 --- a/pkg/specgen/generate/container.go +++ b/pkg/specgen/generate/container.go @@ -113,6 +113,14 @@ func CompleteSpec(ctx context.Context, r *libpod.Runtime, s *specgen.SpecGenerat if err := finishThrottleDevices(s); err != nil { return err } + // Unless already set via the CLI, check if we need to disable process + // labels or set the defaults. + if len(s.SelinuxOpts) == 0 { + if err := s.SetLabelOpts(r, s.PidNS, s.IpcNS); err != nil { + return err + } + } + return nil } |