authorOpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com>2021-09-30 13:31:53 -0400
committerGitHub <noreply@github.com>2021-09-30 13:31:53 -0400
commit3d08c4088fd397006241ff9c7177117a0b2269d6 (patch)
treea17dbebde0fef63ecdb97e28c2c2b825135fd83c /pkg
parent2a3c70fd9ce72bf619e7ad0bc28e2f0653657649 (diff)
parent1ff6a5082a440fe4a4c3f3670534ab6185d26752 (diff)
Merge pull request #11793 from baude/playgenkubeselinux
Support selinux options with bind mounts play/gen
Diffstat (limited to 'pkg')
-rw-r--r--pkg/domain/infra/abi/play.go2
-rw-r--r--pkg/specgen/generate/kube/kube.go11
2 files changed, 12 insertions, 1 deletions
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go
index 35389ec5e..cf72a6253 100644
--- a/pkg/domain/infra/abi/play.go
+++ b/pkg/domain/infra/abi/play.go
@@ -319,8 +319,8 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY
if err != nil {
return nil, err
}
-
specgenOpts := kube.CtrSpecGenOptions{
+ Annotations: annotations,
Container: initCtr,
Image: pulledImage,
Volumes: volumes,
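Review bot: Only the `CtrSpecGenOptions` literal built for `initCtr` receives `Annotations: annotations` in this hunk, and the diffstat shows no other change in this file. If playKubePod builds a separate options literal for the regular containers outside the hunk, its `Annotations` would stay nil and the bind-mount SELinux lookup added to ToSpecGen would silently skip those containers. Worth confirming, and adding the same `Annotations: annotations,` field there if so. The body of playKubePod starts and ends outside the hunk.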
diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go
index c01d7a1f0..27a1e5a72 100644
--- a/pkg/specgen/generate/kube/kube.go
+++ b/pkg/specgen/generate/kube/kube.go
@@ -12,6 +12,7 @@ import (
"github.com/containers/common/pkg/parse"
"github.com/containers/common/pkg/secrets"
"github.com/containers/image/v5/manifest"
+ "github.com/containers/podman/v3/libpod/define"
"github.com/containers/podman/v3/libpod/network/types"
ann "github.com/containers/podman/v3/pkg/annotations"
"github.com/containers/podman/v3/pkg/domain/entities"
@@ -86,6 +87,8 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions,
}
type CtrSpecGenOptions struct {
+ // Annotations from the Pod
+ Annotations map[string]string
// Container as read from the pod yaml
Container v1.Container
// Image available to use (pulled or found local)
@@ -289,6 +292,14 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener
volume.MountPath = dest
switch volumeSource.Type {
case KubeVolumeTypeBindMount:
+ // If the container has bind mounts, we need to check if
+ // a selinux mount option exists for it
+ for k, v := range opts.Annotations {
+ // Make sure the z/Z option is not already there (from editing the YAML)
+ if strings.Replace(k, define.BindMountPrefix, "", 1) == volumeSource.Source && !util.StringInSlice("z", options) && !util.StringInSlice("Z", options) {
+ options = append(options, v)
+ }
+ }
mount := spec.Mount{
Destination: volume.MountPath,
Source: volumeSource.Source,
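Review bot: The annotation value `v` in the added loop is appended to the mount options without checking that it is an SELinux relabel flag, so any string a pod YAML places in a matching annotation becomes a mount option; the guard should also require `v == "z" || v == "Z"`. The key match is looser than it looks: `strings.Replace(k, define.BindMountPrefix, "", 1)` returns `k` unchanged when the prefix is absent and strips it from any position, so an unrelated annotation whose key equals the source path also matches. A direct lookup such as `if v, ok := opts.Annotations[define.BindMountPrefix+volumeSource.Source]; ok && (v == "z" || v == "Z") && ...` fixes both and removes the dependence on map iteration order. Because `z`/`Z` relabels host content, a short comment stating that the relabel is driven by pod annotations would help the next reader. ToSpecGen's body starts and ends outside the hunk.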