Setup proper labeling for running test with selinux
The rootfs that gets created needs to have an SELinux label that containers can write to. Until they get native storage support, this patch will force the entire storage pool to be labeled in such a way that confined containers can read/write/execute the content. Signed-off-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
Dan Walsh
parent
91efd54e2b
commit
04807d586a
1 changed files with 5 additions and 0 deletions
|
|
@ -22,6 +22,11 @@ RUNC_PATH=$(command -v runc || true)
|
|||
RUNC_BINARY=${RUNC_PATH:-/usr/local/sbin/runc}
|
||||
|
||||
TESTDIR=$(mktemp -d)
|
||||
if selinuxenabled; then
|
||||
. /etc/selinux/config
|
||||
filelabel=$(awk -F'"' '/^file.*=.*/ {print $2}' /etc/selinux/${SELINUXTYPE}/contexts/lxc_contexts)
|
||||
chcon -R ${filelabel} $TESTDIR
|
||||
fi
|
||||
OCID_SOCKET="$TESTDIR/ocid.sock"
|
||||
OCID_CONFIG="$TESTDIR/ocid.conf"
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue