aboutsummaryrefslogtreecommitdiff
path: root/libpod/container_internal_linux.go
diff options
context:
space:
mode:
Diffstat (limited to 'libpod/container_internal_linux.go')
-rw-r--r--libpod/container_internal_linux.go12
1 files changed, 9 insertions, 3 deletions
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index a136fb72d..1990ac776 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -380,8 +380,14 @@ func (c *Container) generateSpec(ctx context.Context) (*spec.Spec, error) {
case "z":
fallthrough
case "Z":
- if err := label.Relabel(m.Source, c.MountLabel(), label.IsShared(o)); err != nil {
- return nil, err
+ if c.MountLabel() != "" {
+ if c.ProcessLabel() != "" {
+ if err := label.Relabel(m.Source, c.MountLabel(), label.IsShared(o)); err != nil {
+ return nil, err
+ }
+ } else {
+ logrus.Infof("Not relabeling volume %q in container %s as SELinux is disabled", m.Source, c.ID())
+ }
}
default:
@@ -2214,7 +2220,7 @@ func (c *Container) getOCICgroupPath() (string, error) {
}
cgroupManager := c.CgroupManager()
switch {
- case (rootless.IsRootless() && !unified) || c.config.NoCgroups:
+ case (rootless.IsRootless() && (cgroupManager == config.CgroupfsCgroupsManager || !unified)) || c.config.NoCgroups:
return "", nil
case c.config.CgroupsMode == cgroupSplit:
if c.config.CgroupParent != "" {
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-23 04:38:48 +0000