Merge pull request #112 from rhatdan/selinux

Can't use SELinux separation when sharing the host pid or ipc namespace
2016-10-07 13:43:55 +02:00 · 2016-10-07 13:43:55 +02:00 · 356e5f3c22
commit 356e5f3c22
parent 8601a70a39 cd12a4acfe
1 changed files with 6 additions and 3 deletions
--- a/server/sandbox.go
+++ b/server/sandbox.go
@ -166,9 +166,12 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 		return nil, err
 	}

-	processLabel, mountLabel, err = getSELinuxLabels(nil)
-	if err != nil {
-		return nil, err
+	// Don't use SELinux separation with Host Pid or IPC Namespace,
+	if !req.GetConfig().GetLinux().GetNamespaceOptions().GetHostPid() && !req.GetConfig().GetLinux().GetNamespaceOptions().GetHostIpc() {
+		processLabel, mountLabel, err = getSELinuxLabels(nil)
+		if err != nil {
+			return nil, err
+		}
 	}

 	containerID, containerName, err := s.generateContainerIDandName(name, "infra", 0)