Merge pull request #391 from rhatdan/selinux

Set SELinux mount label for pod sandbox
Mrunal Patel 2017-03-16 14:45:29 -07:00 committed by GitHub
commit 792f585c44
3 changed files with 4 additions and 5 deletions


@ -18,5 +18,5 @@ for d in $(find . -type d -not -iwholename '*.git*' -a -not -iname '.tool' -a -n
--cyclo-over=60 \
--dupl-threshold=100 \
--tests \
--deadline=30s "${d}"
--deadline=60s "${d}"
done


@ -201,6 +201,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
return nil, err
}
g.SetProcessSelinuxLabel(processLabel)
g.SetLinuxMountLabel(mountLabel)
}
// create shm mount for the pod containers.
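Review bot: The added `g.SetLinuxMountLabel(mountLabel)` call has no comment saying why the mount label is set next to the process label, and the commit touches no test that would catch the two drifting apart. I would add above the pair `// Set the mount label together with the process label so mounts created for the sandbox carry this pod's SELinux context.` The `if` block that encloses both calls opens outside the hunk, so when that branch is skipped the spec gets neither label. It is also worth confirming that the shm mount announced by the following comment is created with the same `mountLabel`; if it is not, the labeled sandbox process may be denied access to it, or the mount may be left with a broader label than intended.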


@ -69,10 +69,8 @@ func RunUnderSystemdScope(pid int, slice string, unitName string) error {
properties = append(properties, newProp("PIDs", []uint32{uint32(pid)}))
properties = append(properties, newProp("Delegate", true))
properties = append(properties, newProp("DefaultDependencies", false))
if _, err := conn.StartTransientUnit(unitName, "replace", properties, nil); err != nil {
_, err = conn.StartTransientUnit(unitName, "replace", properties, nil)
return err
}
return nil
}
func newProp(name string, units interface{}) systemdDbus.Property {
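Review bot: The rewritten `_, err = conn.StartTransientUnit(unitName, "replace", properties, nil)` still passes `nil` as the completion channel, so a nil error only means systemd accepted the job, not that the PID has been placed in the scope. A caller that proceeds as soon as this returns may briefly run the process outside the intended slice and its resource limits. Consider passing a buffered channel, `ch := make(chan string, 1)`, as the last argument and, after a successful call, reading `<-ch` and treating any result other than `"done"` as an error. The function begins outside the hunk, where `err` is presumably declared, since the new line assigns with `=`.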