aboutsummaryrefslogtreecommitdiff
path: root/libpod/container_internal_linux.go
diff options
context:
space:
mode:
Diffstat (limited to 'libpod/container_internal_linux.go')
-rw-r--r--libpod/container_internal_linux.go22
1 files changed, 22 insertions, 0 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index f9e161cb3..b77beaf64 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -98,6 +98,28 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
}
}
+ // Check if the spec file mounts contain the label Relabel flags z or Z.
+ // If they do, relabel the source directory and then remove the option.
+ for _, m := range g.Mounts() {
+ var options []string
+ for _, o := range m.Options {
+ switch o {
+ case "z":
+ fallthrough
+ case "Z":
+ if err := label.Relabel(m.Source, c.MountLabel(), label.IsShared(o)); err != nil {
+ return nil, errors.Wrapf(err, "relabel failed %q", m.Source)
+ }
+
+ default:
+ options = append(options, o)
+ }
+ }
+ m.Options = options
+ }
+
+ g.SetProcessSelinuxLabel(c.ProcessLabel())
+ g.SetLinuxMountLabel(c.MountLabel())
// Remove the default /dev/shm mount to ensure we overwrite it
g.RemoveMount("/dev/shm")
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-01-01 07:25:53 +0000