author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-09-30 13:31:53 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-30 13:31:53 -0400 |
commit | 3d08c4088fd397006241ff9c7177117a0b2269d6 (patch) | |
tree | a17dbebde0fef63ecdb97e28c2c2b825135fd83c /pkg | |
parent | 2a3c70fd9ce72bf619e7ad0bc28e2f0653657649 (diff) | |
parent | 1ff6a5082a440fe4a4c3f3670534ab6185d26752 (diff) | |
Merge pull request #11793 from baude/playgenkubeselinux
Support selinux options with bind mounts play/gen
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/domain/infra/abi/play.go | 2 | ||||
-rw-r--r-- | pkg/specgen/generate/kube/kube.go | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index 35389ec5e..cf72a6253 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -319,8 +319,8 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY if err != nil { return nil, err } - specgenOpts := kube.CtrSpecGenOptions{ + Annotations: annotations, Container: initCtr, Image: pulledImage, Volumes: volumes, diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index c01d7a1f0..27a1e5a72 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -12,6 +12,7 @@ import ( "github.com/containers/common/pkg/parse" "github.com/containers/common/pkg/secrets" "github.com/containers/image/v5/manifest" + "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/libpod/network/types" ann "github.com/containers/podman/v3/pkg/annotations" "github.com/containers/podman/v3/pkg/domain/entities" @@ -86,6 +87,8 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, } type CtrSpecGenOptions struct { + // Annotations from the Pod + Annotations map[string]string // Container as read from the pod yaml Container v1.Container // Image available to use (pulled or found local) @@ -289,6 +292,14 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener volume.MountPath = dest switch volumeSource.Type { case KubeVolumeTypeBindMount: + // If the container has bind mounts, we need to check if + // a selinux mount option exists for it + for k, v := range opts.Annotations { + // Make sure the z/Z option is not already there (from editing the YAML) + if strings.Replace(k, define.BindMountPrefix, "", 1) == volumeSource.Source && !util.StringInSlice("z", options) && !util.StringInSlice("Z", options) { + options = append(options, v) + } + } mount := spec.Mount{ Destination: volume.MountPath, Source: volumeSource.Source, |
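Review bot: `Annotations: annotations` is set only on the `CtrSpecGenOptions` literal built for `initCtr` in this hunk, and the diffstat shows no other insertion in play.go. playKubePod starts and ends outside the hunk. If the pod's regular containers get their own `CtrSpecGenOptions` literal there, it probably needs the same `Annotations: annotations,` line. Without it, their bind mounts would be created without the SELinux relabel option recorded in the YAML. A test that plays a generated YAML with a relabelled bind mount on a non-init container would confirm which paths are covered.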
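Review bot: In the `KubeVolumeTypeBindMount` case of ToSpecGen, the annotation value `v` is appended to `options` without being checked, and the key match is looser than a prefix test. `strings.Replace` strips the first occurrence of `define.BindMountPrefix` anywhere in the key and leaves a key without the prefix unchanged, so an annotation whose key merely equals the host path also matches. Because the YAML is user-edited input, any string in such an annotation becomes a mount option. If only z/Z are intended, as the in-code comment suggests, an exact key lookup plus an allow-list on the value closes both gaps and avoids scanning every annotation for each volume. The lookup assumes the key is the prefix followed by the source path, which is what the existing comparison implies. ToSpecGen's body continues outside the hunk.

```go
case KubeVolumeTypeBindMount:
	// Look the option up by its exact annotation key and accept only
	// the SELinux relabel flags; anything else in the YAML is ignored.
	key := define.BindMountPrefix + volumeSource.Source
	if v, ok := opts.Annotations[key]; ok && (v == "z" || v == "Z") {
		if !util.StringInSlice("z", options) && !util.StringInSlice("Z", options) {
			options = append(options, v)
		}
	}
	// … unchanged: spec.Mount construction …
```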