diff options
| author | OpenShift Merge Robot <openshift-merge-robot@users.noreply.github.com> | 2021-09-30 14:34:26 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-30 14:34:26 -0400 |
| commit | 9911813c2282b71fb412756fe868e8fef6ec80b9 (patch) | |
| tree | 8dbb9c9f8f567a9934a115bc4fbc225b8b6a26ab /pkg | |
| parent | d8bdbf5b66c860a73f5d4e301535c0ee40d8d719 (diff) | |
| parent | 128e168be598f76dcccfea2799e7b6015a1e929b (diff) | |
| download | podman-9911813c2282b71fb412756fe868e8fef6ec80b9.tar.gz podman-9911813c2282b71fb412756fe868e8fef6ec80b9.tar.bz2 podman-9911813c2282b71fb412756fe868e8fef6ec80b9.zip | |
Merge pull request #11812 from baude/v34backportplaygen
Support selinux options with bind mounts play/gen
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/domain/infra/abi/play.go | 2 | ||||
| -rw-r--r-- | pkg/specgen/generate/kube/kube.go | 11 |
2 files changed, 12 insertions, 1 deletions
diff --git a/pkg/domain/infra/abi/play.go b/pkg/domain/infra/abi/play.go index b32598126..b78e24547 100644 --- a/pkg/domain/infra/abi/play.go +++ b/pkg/domain/infra/abi/play.go @@ -319,8 +319,8 @@ func (ic *ContainerEngine) playKubePod(ctx context.Context, podName string, podY if err != nil { return nil, err } - specgenOpts := kube.CtrSpecGenOptions{ + Annotations: annotations, Container: initCtr, Image: pulledImage, Volumes: volumes, diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go index c01d7a1f0..27a1e5a72 100644 --- a/pkg/specgen/generate/kube/kube.go +++ b/pkg/specgen/generate/kube/kube.go @@ -12,6 +12,7 @@ import ( "github.com/containers/common/pkg/parse" "github.com/containers/common/pkg/secrets" "github.com/containers/image/v5/manifest" + "github.com/containers/podman/v3/libpod/define" "github.com/containers/podman/v3/libpod/network/types" ann "github.com/containers/podman/v3/pkg/annotations" "github.com/containers/podman/v3/pkg/domain/entities" @@ -86,6 +87,8 @@ func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, } type CtrSpecGenOptions struct { + // Annotations from the Pod + Annotations map[string]string // Container as read from the pod yaml Container v1.Container // Image available to use (pulled or found local) @@ -289,6 +292,14 @@ func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGener volume.MountPath = dest switch volumeSource.Type { case KubeVolumeTypeBindMount: + // If the container has bind mounts, we need to check if + // a selinux mount option exists for it + for k, v := range opts.Annotations { + // Make sure the z/Z option is not already there (from editing the YAML) + if strings.Replace(k, define.BindMountPrefix, "", 1) == volumeSource.Source && !util.StringInSlice("z", options) && !util.StringInSlice("Z", options) { + options = append(options, v) + } + } mount := spec.Mount{ Destination: volume.MountPath, Source: volumeSource.Source, |