Setup proper labeling for running test with selinux

The rootfs that gets created needs to have an SELinux label that containers
can write to.  Until they get native storage support, this patch will
force the entire storage pool to be labeled in such a way that confined
containers can read/write/execute the content.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
Dan Walsh 2016-10-14 17:26:13 -04:00
parent 91efd54e2b
commit 04807d586a

@ -22,6 +22,11 @@ RUNC_PATH=$(command -v runc || true)
RUNC_BINARY=${RUNC_PATH:-/usr/local/sbin/runc} RUNC_BINARY=${RUNC_PATH:-/usr/local/sbin/runc}
TESTDIR=$(mktemp -d) TESTDIR=$(mktemp -d)
if selinuxenabled; then
. /etc/selinux/config
filelabel=$(awk -F'"' '/^file.*=.*/ {print $2}' /etc/selinux/${SELINUXTYPE}/contexts/lxc_contexts)
chcon -R ${filelabel} $TESTDIR
fi
OCID_SOCKET="$TESTDIR/ocid.sock" OCID_SOCKET="$TESTDIR/ocid.sock"
OCID_CONFIG="$TESTDIR/ocid.conf" OCID_CONFIG="$TESTDIR/ocid.conf"
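
Review bot: the `chcon -R ${filelabel} $TESTDIR` line runs without checking that `filelabel` is non-empty, and both expansions are unquoted. If `SELINUXTYPE` is not set by `/etc/selinux/config`, or the `lxc_contexts` file is missing or has no line matching `/^file.*=.*/`, the awk output is empty and `chcon` receives `$TESTDIR` as the context argument with no file operand, so the relabel fails and the tests continue against an unlabeled directory. The pattern also matches any key that merely starts with `file`, which would put more than one label into the variable. Suggest anchoring the match to the exact key (for example `/^file[ \t]*=/`), quoting the arguments, and failing early with a clear message when the label cannot be determined: `[ -n "$filelabel" ] || { echo "no SELinux file label found" >&2; exit 1; }` followed by `chcon -R "$filelabel" "$TESTDIR"`. A short comment noting that this relabels the whole test storage directory so confined containers can read, write and execute it, as the commit message says, would also help the next reader.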