Merge pull request #112 from rhatdan/selinux
Can't use SELinux separation when sharing the host pid or ipc namespace
This commit is contained in:
		
						commit
						356e5f3c22
					
				
					 1 changed files with 6 additions and 3 deletions
				
			
		|  | @ -166,9 +166,12 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest | ||||||
| 		return nil, err | 		return nil, err | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	processLabel, mountLabel, err = getSELinuxLabels(nil) | 	// Don't use SELinux separation with Host Pid or IPC Namespace, | ||||||
| 	if err != nil { | 	if !req.GetConfig().GetLinux().GetNamespaceOptions().GetHostPid() && !req.GetConfig().GetLinux().GetNamespaceOptions().GetHostIpc() { | ||||||
| 		return nil, err | 		processLabel, mountLabel, err = getSELinuxLabels(nil) | ||||||
|  | 		if err != nil { | ||||||
|  | 			return nil, err | ||||||
|  | 		} | ||||||
| 	} | 	} | ||||||
| 
 | 
 | ||||||
| 	containerID, containerName, err := s.generateContainerIDandName(name, "infra", 0) | 	containerID, containerName, err := s.generateContainerIDandName(name, "infra", 0) | ||||||
|  |  | ||||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue