This will release the MCS Label to be used again. Only do this if we
don't have another sandbox using the same label.
Also vendor in the latest selinux go bindings, which fixes a leak and
properly reserves the SELinux label we are going to use.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Rename our $STORAGE_OPTS variable to $STORAGE_OPTIONS, so that the
storage library doesn't try to use its contents as default driver
options.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Remove the directory named by "$MOUNT_PATH", not "MOUNT_PATH".
Run "cat /proc/mounts" instead of "mount" in the test container.
Run "grep" using the "run" helper when we want to capture its output.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
When initializing a Runtime, set the default Store for the
containers-storage transport in the image library to the same one that
we're using, so that the calling process sees the same set of images
in the Runtime that it sees when going through the image library.
Update the kpod_push test so that it no longer has to specify a location
in the destination image reference, since the default should already be
passed to kpod as global options.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
In the config file (/etc/crio/crio.conf) installed by `make install.config`, the runc runtime path is specified as "/usr/bin/runc"
Signed-off-by: Masatoshi Hayashi <literalice@monochromeroad.com>
This patch fixes exec to use the original (start-time) process exec
configuration. Otherwise, we were creating a brand new spec process w/o
additional groups for instance.
Spotted while integrating CRI-O with cri-test... The test was failing
with:
```
• Failure [10.640 seconds]
[k8s.io] Security Context
/home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/framework/framework.go:72
bucket
/home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:407
runtime should support SupplementalGroups [It]
/home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:272
Expected
<[]string | len:1, cap:1>: ["0"]
to contain element matching
<string>: 1234
```
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
Determine if selinux is available before building cri-o with support.
Don't add ostree support to crio or any tools other than kpod.
cri-o does not use ostree.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
If the playbook is run multiple times or a host already has
swap configured, re-adding swap over the existing file
will cause untold problems. Also, it will not persist across
reboots unless added to fstab.
Avoid this by checking if any swap is active. If not,
create a unique swapfile and format it. Then enable
it to persist across reboots.
Signed-off-by: Chris Evich <cevich@redhat.com>
Tested on a RHEL box and found out that the mounts were not showing up.
Had a logic flaw, where if the mount was "host:container"
Was setting the mount source to "host" and destination to "ctrRunDir/container"
When instead, the mount source should be "ctrRunDir/container" and destination "container"
with the data copied from "host" to "ctrRunDir/container"
Signed-off-by: umohnani8 <umohnani@redhat.com>
New network test makes improper assumptions about conmon path.
Use predefined CONMON_BINARY variable instead.
Signed-off-by: Ed Santiago <santiago@redhat.com>