Merge pull request #391 from rhatdan/selinux

Set SELinux mount label for pod sandbox

.tool/lint

@@ -18,5 +18,5 @@ for d in $(find . -type d -not -iwholename '*.git*' -a -not -iname '.tool' -a -n
 		 --cyclo-over=60 \
 		 --dupl-threshold=100 \
 		 --tests \
-		 --deadline=30s "${d}"
+		 --deadline=60s "${d}"
 done

server/sandbox_run.go

@@ -201,6 +201,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 			return nil, err
 		}
 		g.SetProcessSelinuxLabel(processLabel)
+		g.SetLinuxMountLabel(mountLabel)
 	}
 
 	// create shm mount for the pod containers.

utils/utils.go

@@ -69,10 +69,8 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error {
 	properties = append(properties, newProp("PIDs", []uint32{uint32(pid)}))
 	properties = append(properties, newProp("Delegate", true))
 	properties = append(properties, newProp("DefaultDependencies", false))
-	if _, err := conn.StartTransientUnit(unitName, "replace", properties, nil); err != nil {
-		return err
-	}
-	return nil
+	_, err = conn.StartTransientUnit(unitName, "replace", properties, nil)
+	return err
 }
 
 func newProp(name string, units interface{}) systemdDbus.Property {