vbatts/cri-o
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Merge pull request #391 from rhatdan/selinux

Browse source 
Set SELinux mount label for pod sandbox
This commit is contained in:
Mrunal Patel 2017-03-16 14:45:29 -07:00 committed by GitHub
commit 792f585c44
3 changed files with 4 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.tool/lint
View file

@ -18,5 +18,5 @@ for d in $(find . -type d -not -iwholename '*.git*' -a -not -iname '.tool' -a -n
--cyclo-over=60 \ --cyclo-over=60 \
--dupl-threshold=100 \ --dupl-threshold=100 \
--tests \ --tests \
--deadline=30s "${d}" --deadline=60s "${d}"
done done

1
server/sandbox_run.go
View file

@ -201,6 +201,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
return nil, err return nil, err
} }
g.SetProcessSelinuxLabel(processLabel) g.SetProcessSelinuxLabel(processLabel)
g.SetLinuxMountLabel(mountLabel)
} }
// create shm mount for the pod containers. // create shm mount for the pod containers.

4
utils/utils.go
View file

@ -69,10 +69,8 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error {
properties = append(properties, newProp("PIDs", []uint32{uint32(pid)})) properties = append(properties, newProp("PIDs", []uint32{uint32(pid)}))
properties = append(properties, newProp("Delegate", true)) properties = append(properties, newProp("Delegate", true))
properties = append(properties, newProp("DefaultDependencies", false)) properties = append(properties, newProp("DefaultDependencies", false))
if _, err := conn.StartTransientUnit(unitName, "replace", properties, nil); err != nil { _, err = conn.StartTransientUnit(unitName, "replace", properties, nil)
return err return err
}
return nil
} }
func newProp(name string, units interface{}) systemdDbus.Property { func newProp(name string, units interface{}) systemdDbus.Property {