Remove hard coding of SELinux labels on systems without proper selinux policy.
If a system is configured for SELinux but does not know about docker or containers, then we want the transitions of the policy to work. Hard coding the labels causes docker to break on older Fedora and RHEL systems.

Docker-DCO-1.1-Signed-off-by: Dan Walsh <dwalsh@redhat.com> (github: rhatdan)
		
							parent
							
								
									74349e02c6
								
							
						
					
					
						commit
						cecd7a37bf
					
				
					 1 changed files with 6 additions and 4 deletions
				
			
		|  | @ -313,12 +313,9 @@ func GetLxcContexts() (processLabel string, fileLabel string) { | |||
| 		return "", "" | ||||
| 	} | ||||
| 	lxcPath := fmt.Sprintf("%s/content/lxc_contexts", GetSELinuxPolicyRoot()) | ||||
| 	fileLabel = "system_u:object_r:svirt_sandbox_file_t:s0" | ||||
| 	processLabel = "system_u:system_r:svirt_lxc_net_t:s0" | ||||
| 
 | ||||
| 	in, err := os.Open(lxcPath) | ||||
| 	if err != nil { | ||||
| 		goto exit | ||||
| 		return "", "" | ||||
| 	} | ||||
| 	defer in.Close() | ||||
| 
 | ||||
|  | @ -352,6 +349,11 @@ func GetLxcContexts() (processLabel string, fileLabel string) { | |||
| 			} | ||||
| 		} | ||||
| 	} | ||||
| 
 | ||||
| 	if processLabel == "" || fileLabel == "" { | ||||
| 		return "", "" | ||||
| 	} | ||||
| 
 | ||||
| exit: | ||||
| 	mcs := IntToMcs(os.Getpid(), 1024) | ||||
| 	scon := NewContext(processLabel) | ||||
|  |  | |||
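Review bot: The new empty-label guard sits above the `exit:` label, so any `goto exit` still present in the part of the body not shown here jumps past it and reaches `NewContext(processLabel)` with whatever labels had been parsed so far. Go rejects unused labels, so at least one such jump presumably remains between the two hunks, most likely on a read error. On that path the function could hand back an empty or half-populated SELinux context instead of `"", ""`, and a caller would have no way to tell it from a valid label. Consider placing the guard directly below the label, `exit:` followed by `if processLabel == "" || fileLabel == "" { return "", "" }`, or turning the remaining jumps into `return "", ""`. GetLxcContexts starts before the first hunk and continues after the second.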