From 0d0ad59641a308450d694d4c2fb95303c64fabf8 Mon Sep 17 00:00:00 2001
From: Peter Hunt <pehunt@redhat.com>
Date: Thu, 7 Mar 2019 12:52:54 -0500
Subject: Default to SELinux private label for play kube mounts

Before, there were SELinux denials when a volume was bind-mounted by podman play kube.
Partially fix this by setting the default private label for mounts created by play kube (with DirectoryOrCreate)
For volumes mounted as Directory, the user will have to set their own SELinux permissions on the mount point

also remove left over debugging print statement

Signed-off-by: Peter Hunt <pehunt@redhat.com>
---
 libpod/util_unsupported.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'libpod/util_unsupported.go')

diff --git a/libpod/util_unsupported.go b/libpod/util_unsupported.go
index d598b465f..940006e69 100644
--- a/libpod/util_unsupported.go
+++ b/libpod/util_unsupported.go
@@ -21,3 +21,9 @@ func deleteSystemdCgroup(path string) error {
 func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) {
 	return "", errors.Wrapf(ErrOSNotSupported, "cgroups are not supported on non-linux OSes")
 }
+
+// LabelVolumePath takes a mount path for a volume and gives it an
+// selinux label of either shared or not
+func LabelVolumePath(path string, shared bool) error {
+	return ErrNotImplemented
+}
-- 
cgit v1.2.3-54-g00ecf