From 0b9e07f7f289da6fda83bcb1660e345cf894a6b6 Mon Sep 17 00:00:00 2001
From: Daniel J Walsh <dwalsh@redhat.com>
Date: Tue, 29 Oct 2019 16:04:21 -0400
Subject: Processes execed into container should match container label

Processes execed into a container were not being run with the correct label.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
---
 libpod/oci_conmon_linux.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'libpod')

diff --git a/libpod/oci_conmon_linux.go b/libpod/oci_conmon_linux.go
index 448e05bdf..2798c3043 100644
--- a/libpod/oci_conmon_linux.go
+++ b/libpod/oci_conmon_linux.go
@@ -1023,8 +1023,8 @@ func prepareProcessExec(c *Container, cmd, env []string, tty bool, cwd, user, se
 	if err != nil {
 		return nil, err
 	}
-
 	pspec := c.config.Spec.Process
+	pspec.SelinuxLabel = c.config.ProcessLabel
 	pspec.Args = cmd
 	// We need to default this to false else it will inherit terminal as true
 	// from the container.
-- 
cgit v1.2.3-54-g00ecf